IPMediumSignal 43/100
185.242.226.39
Location
NetherlandsAmsterdam, North Holland
ASN
AS202425
AI Spera
First Seen
Feb 14, 2024
Last Seen
Jun 17, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryNetherlands
NetherlandsRegionAmsterdam, North Holland
ASNAS202425
OrganizationAI Spera
Feed Intelligence Summary
32 reports43% confidence
32
Source reports
43%
Confidence score
Category tags
abuseaccess controlack scanactive scanactive scanningadbadb protocolapacheapache attackerapplication layer protocolatif feedattackattacker-ipaustraliaauthentication abuseauthentication attemptsauthentication failureauto-generated securitybad reputationbad web botbanlist feedbeningbening scannerbinary defenseblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsc2c2 communicationc2 servercertcisco attackcisco devicecisco device attackcisco device targetingcisco exploit attemptcisco exploitation attemptscitrix attack attemptcitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securitycode executioncode injectioncommand & controlcommand and controlcommand executioncommunication protocolcompromised hostcompromised hostsconnect scancowrie activitycowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcriminal_ip-benigndata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase securityddosddos attackddos attemptdecoy systemdenial of servicedevice managementdionaea activitydionaea honeypotdionaea interactionsdistributed attacksdropperencryptionenterprise networkingenterprise securityenumerationenumeration attempteuropeexploitexploitationexploitation activityexploitation of privilegeexternal network scanexternal scanexternal threatfattfin scanfirewall detectionfirewall evasionfirewall probingftpftp brute forceftp brute-forcehackinghoneytrap honeypothttp brute forcehttp scannerhttp scanninghttps scanningicmpicmp scanidentity & access exploitationindicatorinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure discoveryinitial accessinjection activityinjection attacksinternal scanintrusion detectioniociot device attackiot securityipv4kfsensor honeypotlamplamp attacklamp attack attemptlamp exploitationlamp exploitation attemptslamp stack attacklamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious payloadmalicious softwaremalwaremalware attemptmalware behaviourmalware capturemalware distributionmalware droppermalware hostingmanualmass port scanmass scanningmasscanmassive port scanmobilemobile securitymonthlymssqlnetherlandsnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusionsnetwork mappingnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnlnmapnorth americanull scanoceaniaopen port detectionopenctios credential dumpingos detectionos fingerprintingp0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathpossible malware probingpossible reconnaissance activitypotential attack vectorpotential botnet activitypotential reconnaissance activitypotential threatpotential threat activitypotential vulnerability assessmentpotential vulnerability probingpotential vulnerability scanningprobing activityprocess injectionprotocol exploitationpublicly accessible infrastructureransomwarereconnaissancereconnaissance activityremote accessremote loginremote service exploitationremote servicesresearchedresource hijackingrtbhsansscannerscanning activityscripting attackssecurity operationssecurity policysecurity probingsensor-taggedsentrypeer botnetservice detectionservice discoveryservice enumerationservice scanservice version detectionsftp access attemptssftp attacksip scanningsmb scanningsmtpsmtp brute forcesocial engineeringsocradarsocradar honeypotspamssh attackssh monitoringstealth scanstealth scan techniquessweep scansynsyn port scansyn scansystem accesssystem discoveryt1016t1016.001t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1055t1059t1059.003t1059.004t1059.007t1064t1068t1071t1071.001t1076t1077t1078t1078.001t1083t1087t1087.001t1087.002t1087.003t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1573t1573.001t1587.001t1588t1588.002t1589t1589.002t1590t1590.001t1590.002t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantcp scanningtelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunauthorized scanningunited statesuser enumerationverified-benignvoidtrapvoipvoip attackvulnerability scanweb application attackweb application attacksweb attackweb exploitweb exploitationweb shell uploadweb trafficxmas scan
Activity Timeline
Jun 17Jun 17
Threat Activity Heatmap
· Peak: 2026-06-17LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
43
SIGNAL
Signal Score
43%
Confidence
32
Reports
First seenFeb 14, 2024
Last seenJun 17, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS202425
OrgAI Spera
Coords52.3676, 4.9041
VirusTotal
Not checked
WHOIS
- description
- 2024-11-16T18:32:22.000Z Honeypot : Honeytrap : Source: 185.242.226.39 : Port: 9024 Message: {'protocol': 'tcp', 'payload': {'md5_hash': '4fbe0dbd60cfbe7df17d6cae708f5e1f', 'data_hex': '474554202f20485454502f312e310d0a486f73743a2039392e31382e32362e32313a393032340d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38382e302e343332342e313930205361666172692f3533372e33360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a', 'length': 207, 'sha512_hash': '2a3e4950e6bb01accb824c315ae6643287e10a4d1d74b8c44ee670f8065ae778ef1c2bbb4dc1d85a58e092e3254c71d65cb6cf895cf64faec365a54265120548'}}
- raw
- NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 10 days ago
Appeared in 32 threat reports