IOC Radar
IPMediumSignal 39/100

185.21.217.32

Location
NetherlandsNetherlands
Amsterdam, North Holland
ASN
AS200052
Feral
First Seen
Aug 26, 2020
Last Seen
May 29, 2026
Aug 26
First Seen
2126d ago
May 29
Last Seen
24d ago
14
Reports
source reports
39%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

27 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, North Holland
ASNAS200052
OrganizationFeral

IP Category

VPN
VPN exit node

Feed Intelligence Summary

14 reports39% confidence
14
Source reports
39%
Confidence score
Category tags
active scanactive scanningaerospace & defenseattackautomotive manufacturingbrute forcecivil servicescredential accesscredential harvestingcredential stuffingcyber securitydefensedefense contractingdefense logisticsdefense systemsdefense technologyelectronics manufacturingeuropeexploitation activityfinlandfranceftp brute forcegbgermanygovernment technologyhoneynet connecthttp brute forceidentity & access exploitationindicatorindustrial automationindustrial iotindustrial productioninformation technologyiociot securityit infrastructurelateral movementlogin attemptmalicious activitymalwaremanufacturing technologymilitary operationsnational securitynetherlandsnetworknetwork enumerationnetwork intrusionnetwork scanningnetwork securitynextraynlnorth americapassword attackphishingphishing attackpolandprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlreconnaissanceregulatory agenciesremote accessremote servicesresearchedscannerscanning activitysecurity operationssmb brute forcesmtp brute forcesocial engineeringsoftware developmentssh attacksupply chain attacksupply chain managementsuspicious-udpt1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1046t1059t1059.001t1059.003t1059.004t1068t1076t1078t1110t1110.001t1110.002t1563t1566.001t1566.002t1566.003t1592t1595t1595.001t1595.002t1595.003tcp scantelnet threatthreat actorthreat intelligencetortor nodeudp scanunauthorized access attemptunited kingdomunited statesvpn

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
14
Reports
First seenAug 26, 2020
Last seenMay 29, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS200052
OrgFeral
Coords51.4964, -0.1224
VPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.21.216.0 - 185.21.217.255 netname: feral-1 country: GB admin-c: JM20922-RIPE tech-c: JM20922-RIPE status: ASSIGNED PA mnt-by: mnt-uk-feralio-1 created: 2021-03-30T09:53:02Z last-modified: 2021-03-30T09:53:02Z source: RIPE person: Joshua McQuistan address: C/O KKVMS LLP, Capital Tower, 91 Waterloo Road address: SE1 8RT address: London address: UNITED KINGDOM phone: +447902358069 nic-hdl: JM20922-RIPE mnt-by: mnt-uk-feralio-1 created: 2019-09-26T09:04:22Z last-modified: 2019-09-26T09:04:22Z source: RIPE route: 185.21.216.0/22 descr: Feral Hosting origin: AS200052 mnt-by: mnt-uk-feralio-1 created: 2014-03-22T10:21:40Z last-modified: 2019-12-07T16:42:12Z source: RIPE
references
https://www.dan.me.uk/torlist/, blacklist_ip.backup, https://lists.fissionrelays.net/tor/relays.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 24 days ago
Appeared in 14 threat reports