IP · Medium · Signal 38/100
185.242.226.2
Location
Amsterdam, North Holland
ASN
AS202425
AI Spera
First Seen
Feb 14, 2024
Last Seen
Jun 17, 2026
Found in 29 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Amsterdam, North Holland
ASN
AS202425
Organization
AI Spera
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
29 reports · 38% confidence
29
Source reports
38%
Confidence score
Category tags
abuse, access control, ack, ack scan, active scan, active scanning, adb, adb exploit, adb protocol, aerospace & defense, apache, apache attacker, application scanning, apt, attack, attacker-ip, australia, authentication abuse, authentication attempts, bad reputation, bad web bot, banking, banner grabbing attempt, bening, bening scanner, blacklist ip, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c2, c2 communication, cert, cisco device, cisco device attack, cisco device targeting, cisco exploit attempt, citrix attack attempt, citrix brute force, citrix exploitation attempt, citrix exploitation attempts, citrix security, code execution, code injection, command & control, command and control, command execution, communication protocol, communication technologies, compromised host, compromised hosts, config manipulation, configuration modification, connect scan, consumer goods, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, credential theft, credit card services, criminal_ip-benign, cron injection, data encryption, data exfiltration, data store exposure, database attack, database exploitation, database security, ddos, ddos attack, ddos attacks, ddos attempt, decoy system, defense, defense contracting, defense evasion, defense logistics, defense systems, defense technology, denial of service, device management, dionaea honeypot, distributed attacks, dropper, encryption, enterprise networking, enterprise security, enumeration, enumeration attempt, europe, exploit, exploit attempt, exploit scan, exploitation, exploitation activity, exploitation of privilege, exploited host, external network scan, external scan, failed login attempts, fatt, fin, fin port scan, fin scan, finance, financial services, financial technology, firewall detection, firewall evasion, fraud, fraudulent activity, ftp, ftp brute force, full connect scan, hacking, honeytrap honeypot, http brute force, http probe, http scanner, http scanning, https probe, https scanning, icmp, identity & access exploitation, ids evasion, imap brute force, indicator, information gathering, information technology, infrastructure acquisition reconnaissance, infrastructure discovery, initial access, injection activity, injection attacks, internal scan, internet of things, intrusion detection, ioc, iot botnet, iot device attack, iot security, iot/ics attack, ipqs, it infrastructure, lamp, lamp attack, lamp attack attempt, lamp exploit attempts, lamp exploitation, lamp server attack, lamp stack attack, lamp stack targeting, lateral movement, lateral movement techniques, mailoney honeypot, maimon scan, malicious activity, malicious adb activity, malicious payload, malicious scan, malicious software, malicious traffic, malware, malware attempt, malware behaviour, malware capture, malware distribution, malware dropper, malware hosting, malware installation, malware-related botnet activity, manual, mass scanning activity, masscan, massive port scan, media, military operations, mirai botnet, mobile, mobile carriers, mobile networks, mobile security, module loading, mysql brute force, national security, netherlands, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion attempt, network intrusion attempts, network mapping, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, nl, nmap, north america, null port scan, null scan, oceania, open port detection, open port enumeration, open port identification, os detection, os fingerprinting, p0f, password attacks, payment processing, phishing, phishing attack, phishing trapping of death, pop3 brute force, possible botnet infection, possible malicious activity, possible malware distribution, possible malware probing, possible reconnaissance, possible reconnaissance activity, possible vulnerability probing, possible vulnerability scan, potential botnet activity, potential exploit attempts, potential intrusion, potential intrusion attempt, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, privilege escalation, process injection, protocol exploitation, proxy, proxy detection, proxy protocol, ransomware, rce, rdp exploitation, reconnaissance, reconnaissance activity, remote access, remote service exploitation, remote services, replication attack, researched, resource hijacking, retail trade, sans, scams & fraud, scan, scanner, scanning activity, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer botnet, server exploitation, service detection, service discovery, service enumeration, service scan, service version detection, sftp access attempts, sftp attack, sip scanning, slaveof, smb scanning, smtp, smtp brute force, social engineering, socradar, software development, software exploitation, spam, spamming, sql injection attempt, ssh attack, ssh exploitation, ssh key injection, ssh monitoring, stealth, stealth scan, suspected malicious activity, sweep scan, syn, syn port scan, syn scan, system access, t1016, t1016.001, t1016.002, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1053.005, t1055, t1057, t1059, t1059.003, t1059.004, t1059.005, t1059.007, t1064, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1136.001, t1187, t1189, t1190, t1195, t1199, t1202, t1203, t1204, t1204.002, t1205, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.003, t1505.004, t1539, t1555, t1555.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567.001, t1573, t1573.001, t1574.001, t1583, t1587.001, t1588, t1588.002, t1589, t1589.001, t1589.002, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeted scan, targeting database, tcp protocol, tcp scan, tcp scanning, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, tor detection, tor node, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized scanning, united states, user enumeration, verified-benign, version detection, voidtrap, voip, voip attack, vpn, vpn detection, vulnerability, vulnerability scan, wealth management, web application attack, web application attacks, web attack, web attacks, web exploit, web exploitation, web server exploitation, web shell upload, web spam, web traffic, window scan, xmas, xmas port scan, xmas scan
Activity Timeline
Jun 17 to Jun 17
Threat Activity Heatmap
Peak: 2026-06-17
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Low Risk
Signal Score
38
Confidence
38%
Reports
29
First seen
Feb 14, 2024
Last seen
Jun 17, 2026
Geolocation
NL
Country
Netherlands
Location
Amsterdam, North Holland
ASN
AS202425
Org
AI Spera
Coords
52.3676, 4.9041
Proxy / VPN
VirusTotal
Not checked
WHOIS
- description
- 2024-11-24T23:08:40.000Z Honeypot : Honeytrap : Source: 185.242.226.2 : Port: 9053 Message: {'payload': {'data_hex': '474554202f20485454502f312e310d0a486f73743a2039392e31382e32362e32313a393035330d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38382e302e343332342e313930205361666172692f3533372e33360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a', 'md5_hash': 'dbaa214e3e80fbd06b81f3d2149c058e', 'sha512_hash': '77caf67b60b64ad84ece7cf2aeb9328de4e9e0aca59bf2584f1fffe560d5fcc9b28dad5a21bd3b8fd1f999d2ec25f4b3bbffff29f5f5166dda4fcfd77ab5b10c', 'length': 207}, 'protocol': 'tcp'}
- The data_hex field above decodes (207 bytes, CRLF line endings) to a plain HTTP GET probe against the honeypot port, which matches the "http probe" and "http scanner" tags on this record:
  GET / HTTP/1.1
  Host: 99.18.26.21:9053
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip
- raw
- NetRange: 185.0.0.0 - 185.255.255.255
  CIDR: 185.0.0.0/8
  NetName: RIPE-185
  NetHandle: NET-185-0-0-0-1
  Parent: ()
  NetType: Allocated to RIPE NCC
  OriginAS:
  Organization: RIPE Network Coordination Centre (RIPE)
  RegDate: 2011-01-04
  Updated: 2025-02-10
  Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois.
  Ref: https://rdap.arin.net/registry/ip/185.0.0.0
  ResourceLink: https://apps.db.ripe.net/db-web-ui/query
  ResourceLink: whois.ripe.net
  OrgName: RIPE Network Coordination Centre
  OrgId: RIPE
  Address: P.O. Box 10096
  City: Amsterdam
  StateProv:
  PostalCode: 1001EB
  Country: NL
  RegDate:
  Updated: 2013-07-29
  Ref: https://rdap.arin.net/registry/entity/RIPE
  ReferralServer: whois.ripe.net
  ResourceLink: https://apps.db.ripe.net/db-web-ui/query
  OrgTechHandle: RNO29-ARIN
  OrgTechName: RIPE NCC Operations
  OrgTechPhone: +31 20 535 4444
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  OrgAbuseHandle: ABUSE3850-ARIN
  OrgAbuseName: Abuse Contact
  OrgAbusePhone: +31205354444
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
IOC Journey
Medium · First detected 2 years ago · Last seen 4 days ago
Appeared in 29 threat reports