IOC Radar
IPMediumSignal 40/100

185.242.226.38

Location
Netherlands
Amsterdam, North Holland
ASN
AS202425
AI Spera
First Seen
Feb 14, 2024
Last Seen
Jun 17, 2026
First Seen: Feb 14 (861d ago)
Last Seen: Jun 17 (7d ago)
31
Reports
source reports
40%
Confidence
medium
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

80 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202425
Organization: AI Spera

Feed Intelligence Summary

31 reports · 40% confidence
31
Source reports
40%
Confidence score
Category tags: (tag list omitted; run together during extraction)

Activity Timeline

1 total obs
Jun 17 to Jun 17

Threat Activity Heatmap (weekly calendar grid, Jun to Jun) · Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
40
SIGNAL
Signal Score
40%
Confidence
31
Reports
First seen: Feb 14, 2024
Last seen: Jun 17, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: AI Spera
Coords: 52.3676, 4.9041

VirusTotal

Not checked

WHOIS

description
2024-11-14T04:47:36.000Z Honeypot : Honeytrap : Source: 185.242.226.38 : Port: 1792 Message: {'protocol': 'tcp', 'payload': {'data_hex': '474554202f20485454502f312e310d0a486f73743a2039392e31382e32362e32313a313739320d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38382e302e343332342e313930205361666172692f3533372e33360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a', 'sha512_hash': '2bea4bc37add631b211b7794554d711f448e171c2ec529926cd17fc36498f545ad5dfc7abce3774e6f36fbbb934eee0a940f3b5a381bb5f1b226a833ddf5c40a', 'length': 207, 'md5_hash': '31fcf01901eff7f8b00bbb2d9315a3c3'}}
raw
NetRange: 185.0.0.0 - 185.255.255.255
CIDR: 185.0.0.0/8
NetName: RIPE-185
NetHandle: NET-185-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2011-01-04
Updated: 2025-02-10
Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois.
Ref: https://rdap.arin.net/registry/ip/185.0.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
ReferralServer: whois.ripe.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 7 days ago
Appeared in 31 threat reports