IOC Radar
IPv4 indicator · Medium · Signal 41/100

185.242.226.42

Location: Amsterdam, Noord-Holland, Netherlands
ASN: AS202425 (AI Spera)
First Seen: Feb 14, 2024 (865d ago)
Last Seen: Jun 17, 2026 (11d ago)
Reports: 33 source reports
Confidence: 41% (medium)
Found in 33 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 41%
Signal Score: 41 / 100
IDS Rule: No
Threat Context

Tags: see the category tags under Feed Intelligence Summary
MITRE ATT&CK TTPs: 89 techniques (the technique IDs are listed with the category tags)

Network Information

Country: NL (Netherlands)
Region: Amsterdam, Noord-Holland
ASN: AS202425
Organization: AI Spera

Feed Intelligence Summary

33 source reports · 41% confidence score

Category tags:
(The feed renders the tags as one run-on string; they are split below, one per comma, keeping the feed's own spelling, e.g. "bening".)

abuse, access, access control, ack, ack scan, active scan, active scanning, adb, adb protocol, adbhoney activity, adbhoney honeypot, apache, apache attacker, application layer protocol, apt, atif feed, attack, attacker ip, attacker-ip, australia, authentication attack, auto-generated security, automated attack
bad reputation, banlist feed, bening, bening scanner, binary defense, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts
c2, c2 communication, cert, cisco attack, cisco device, cisco device attack, cisco device targeted, cisco device targeting, cisco exploit attempt, cisco exploitation attempt, cisco exploitation attempts, citrix attack attempt, citrix brute force, citrix exploitation attempt, citrix exploitation attempts, citrix security, code execution, code injection, command & control, command and control, command execution, command injection, communication protocol, compromised credentials, compromised credentials attempt, compromised host, compromised hosts, compromised system attempt, configuration manipulation, configuration modification, connect scan, conpot, conpot activity, conpot honeypot, conpot ics attack, conpot ics exploitation, cowrie, cowrie activity, cowrie honeypot, cowrie interactions, cowrie ssh, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential harvesting, credential stuffing, criminal_ip-benign, cron injection
data encryption, data exfiltration, data exfiltration attempt, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, ddos attempt, decoy system, defense evasion, denial of service, device management, dionaea, dionaea activity, dionaea honeypot, dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware detection, directory traversal probe, distributed attacks, dns, dns attack, dropper
elasticpot attacks, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, enumeration activity, europe, exploit, exploit attempt, exploit kit activity, exploit probing, exploit scan, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploited host, external scan
fatt, fin, fin port scan, fin scan, firewall detection, firewall evasion, firewall probing, ftp, ftp brute force
github, groups
hacking, heralding probes, honeytrap honeypot, http brute force, http probe, http scanner, http scanning, https probe, https scanning
icmp, icmp scan, ics security, identity & access exploitation, imap, imap brute force, indicator, industrial control systems, information gathering, infrastructure acquisition reconnaissance, initial access, injection activity, injection attacks, internal scan, internet of things, intrusion detection, ioc, iot botnet, iot device attack, iot security, iot/ics attack
kfsensor honeypot
lamp, lamp attack, lamp attack attempt, lamp exploit, lamp exploitation, lamp exploitation attempts, lamp server targeting, lamp stack attack, lamp stack targeting, lateral movement
mail service attack, mailoney activity, mailoney email spoofing, mailoney honeypot, maimon scan, malicious activity, malicious login attempts, malicious network activity, malicious payload, malicious software, malicious traffic, malware, malware attempt, malware behaviour, malware capture, malware distribution, malware dropper, malware installation, malware-related botnet activity, manual, mass port scan, mass scanning, masscan, mirai botnet, mobile, mobile security, module loading, mysql brute force
netherlands, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network mapping, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service exploitation, network service scanning, network traffic analysis, nl, nmap, north america, null port scan, null scan
oceania, open port detection, open port identification, os credential dumping, os detection, os fingerprinting
p0f, password attack, password attacks, password cracking attempts, password spraying, phishing, phishing attack, phishing trapping of death, pop3 brute force, possible botnet activity, possible botnet infection, possible exploit attempts, possible malware distribution, possible malware payload, possible malware probing, possible vulnerability probing, potential attack vector, potential botnet activity, potential compromise, potential exploit targeting, potential intrusion attempt, potential malware deployment, potential malware distribution, potential reconnaissance activity, potential threat, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, privilege escalation, process injection, protocol exploitation, python
ransomware, rce, reconnaissance, reconnaissance activity, redis exploitation attempt, redis exploitation attempts, redis honeypot, redishoneypot, redishoneypot activity, remote access, remote service exploitation, remote services, replication attack, researched, resource hijacking, rtbh
sans, scan, scanner, scanning activity, script, scripting attacks, security event, security operations, security policy, security probing, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer p2p attack, sentrypeer targeting, server exploitation, service detection, service discovery, service enumeration, service scan, service version detection, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attempt, sftp scanning, sip, sip brute force, sip scanning, slaveof, slug, smb scanning, smtp, smtp brute force, smtp probing, social engineering, socradar, socradar honeypot, software exploitation, spam, sql injection attempt, sql injection probe, ssh, ssh attack, ssh key injection, ssh monitoring, stealth, stealth scan, stealth scan techniques, surface web, suricata alert, suspected malicious activity, sweep scan, syn, syn port scan, syn scan, system access
t-pot
ATT&CK technique IDs (89): T1005, T1016, T1016.001, T1018, T1021, T1021.001, T1021.002, T1021.004, T1027, T1040, T1041, T1046, T1047, T1048, T1053, T1053.005, T1055, T1057, T1059, T1059.003, T1059.004, T1059.005, T1059.007, T1064, T1065, T1068, T1071, T1071.001, T1076, T1077, T1078, T1078.001, T1078.002, T1078.003, T1078.004, T1083, T1087, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1134, T1187, T1189, T1190, T1199, T1202, T1203, T1204, T1204.002, T1210, T1486, T1496, T1499.001, T1499.002, T1499.003, T1505.003, T1505.004, T1539, T1555, T1562, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1573, T1573.001, T1583, T1587.001, T1588, T1588.002, T1589, T1589.001, T1589.002, T1590, T1590.001, T1590.002, T1592, T1592.004, T1595, T1595.001, T1595.002, T1595.003
tanner, tanner activity, tanner exploit kit, tanner honeypot activity, tanner web attack, targeted scan, targeting database, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, tor node, tpot, tsec
udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, unauthorized probing, unauthorized scanning, united states
verified-benign, version detection, voidtrap, voip, voip attack, vulnerability scan
web application attack, web application attacks, web application probing, web attack, web exploit, web exploitation, web spam, web traffic, window scan
xmas, xmas port scan, xmas scan
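The tag list above mixes honeypot-sourced attack reports with vetted-benign markers ("verified-benign", "criminal_ip-benign") and runs the ATT&CK technique IDs together with no separator. The following is an added example, not code from this site, showing how an analyst can turn that tag soup into something a triage rule can act on: pull the technique IDs out of the fused run (the 89 on this page, embedded verbatim as sample input), and flag the benign-versus-malicious conflict that should block an automatic firewall rule. The honeypot names, benign markers and "malicious" keywords are assumptions chosen for this example, not categories the page defines.

```python
import re
from collections.abc import Iterable

# Verbatim fragment of this page's tag wall: technique IDs run together,
# bracketed by ordinary tags ("system access", "t-pot", "tanner ...").
FUSED_TAG_RUN = (
    "system accesst-pott1005t1016t1016.001t1018t1021t1021.001t1021.002t1021.004"
    "t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1057t1059t1059.003"
    "t1059.004t1059.005t1059.007t1064t1065t1068t1071t1071.001t1076t1077t1078"
    "t1078.001t1078.002t1078.003t1078.004t1083t1087t1105t1110t1110.001t1110.002"
    "t1110.003t1110.004t1133t1134t1187t1189t1190t1199t1202t1203t1204t1204.002"
    "t1210t1486t1496t1499.001t1499.002t1499.003t1505.003t1505.004t1539t1555"
    "t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1573.001"
    "t1583t1587.001t1588t1588.002t1589t1589.001t1589.002t1590t1590.001t1590.002"
    "t1592t1592.004t1595t1595.001t1595.002t1595.003tannertanner activity"
)

# Constructed subset of the page's category tags, used as sample input.
SAMPLE_TAGS = [
    "abuse", "brute force attempt", "cowrie ssh attack", "conpot ics attack",
    "dionaea malware capture", "mass port scan", "masscan", "nmap",
    "criminal_ip-benign", "verified-benign", "bening scanner",  # feed's spelling
    "mirai botnet", "tanner web attack", "sentrypeer attacks",
    "mailoney honeypot", "t-pot", "socradar honeypot",
]

# T1234 or T1234.001; no word boundary because the feed omits separators.
TECHNIQUE_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?")

# Assumptions for this example (the page defines none of these groupings).
HONEYPOT_NAMES = ("adbhoney", "conpot", "cowrie", "dionaea", "elasticpot",
                  "heralding", "honeytrap", "kfsensor", "mailoney",
                  "redishoneypot", "sentrypeer", "socradar", "tanner",
                  "t-pot", "tpot")
BENIGN_MARKERS = ("benign", "bening")   # "bening" is the feed's own misspelling
MALICIOUS_WORDS = ("attack", "brute force", "botnet", "exploit", "malware",
                   "injection", "c2")


def extract_techniques(text: str) -> list[str]:
    """Return sorted, de-duplicated ATT&CK IDs found anywhere in text."""
    found = set()
    for m in TECHNIQUE_RE.finditer(text.lower()):
        tid = "T" + m.group(1)
        if m.group(2):
            tid += "." + m.group(2)
        found.add(tid)
    return sorted(found)


def triage(tags: Iterable[str]) -> dict:
    """Group tags and decide whether automated blocking is safe."""
    norm = sorted({t.strip().lower() for t in tags if t.strip()})
    benign = [t for t in norm if any(b in t for b in BENIGN_MARKERS)]
    honeypots = [t for t in norm if any(h in t for h in HONEYPOT_NAMES)]
    malicious = [t for t in norm
                 if t not in benign and any(w in t for w in MALICIOUS_WORDS)]
    techniques = extract_techniques(" ".join(norm))
    if benign and malicious:
        # Attack reports next to a vetted-benign marker: a human must decide.
        verdict = "conflicting"
    elif malicious:
        verdict = "malicious-reported"
    elif benign:
        verdict = "benign-reported"
    else:
        verdict = "unclassified"
    return {"verdict": verdict, "benign_markers": benign,
            "honeypot_sources": honeypots, "malicious_reports": malicious,
            "techniques": techniques}


if __name__ == "__main__":
    print(len(extract_techniques(FUSED_TAG_RUN)), "technique IDs")
    print(triage(SAMPLE_TAGS)["verdict"])
```

The point of the `conflicting` verdict is the one the page itself makes: the score is heuristic, and a scanner tagged both "cowrie ssh attack" and "verified-benign" is exactly the case where a blocklist fed straight from the feed would be wrong for some consumers and right for others.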

Activity Timeline

1 observation in the timeline window (Jun 17)

Threat Activity Heatmap

12-month heatmap (Jun to Jun, rows Mon/Wed/Fri): a single active day; peak 2026-06-17.
Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 41 (Medium Risk)
Signal Score: 41 · Confidence: 41% · Reports: 33
First seen: Feb 14, 2024 · Last seen: Jun 17, 2026
Geolocation: NL (Netherlands), Amsterdam, Noord-Holland · Coords: 52.3785, 4.9000
ASN: AS202425 (AI Spera)

VirusTotal

Not checked

WHOIS

Description (this field carries a honeypot sensor event, not registry data: a ConPot sensor logged a connection from this address to its Kamstrup meter management emulation on port 50100):
2024-12-22T08:11:58.791Z Honeypot : ConPot : Source: 185.242.226.42 : Port: 50100 Data Type: kamstrup_management_protocol Event Type: None

Raw record. This is ARIN's placeholder entry for the whole of 185.0.0.0/8, which is allocated to RIPE NCC; as the record itself says, the organization and contacts are those of the registry, not the address holder. To identify the actual assignee (and its abuse contact), follow the referral to whois.ripe.net or the RIPE database/RDAP links below; do not attribute this address to RIPE NCC.
NetRange: 185.0.0.0 - 185.255.255.255
CIDR: 185.0.0.0/8
NetName: RIPE-185
NetHandle: NET-185-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2011-01-04
Updated: 2025-02-10
Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois.
Ref: https://rdap.arin.net/registry/ip/185.0.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
ReferralServer: whois.ripe.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
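The STIX 2.1 export above is what most platforms ingest from a page like this, and the fields that matter are the ones shown on the page: the address, first seen, the 0 to 100 confidence, the tags and the ATT&CK IDs. The following is an added example, not this site's exporter, that builds such a bundle from those values with only the standard library: a deterministic `ipv4-addr` SCO id (the UUIDv5 namespace is the one STIX 2.1 specifies for observables), an indicator whose pattern is derived from the validated address, and ATT&CK external references. The private namespace for the indicator id and the `anomalous-activity` default type are this example's assumptions; the site's own bundle may differ.

```python
from __future__ import annotations

import ipaddress
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 namespace for deterministic SCO identifiers (spec section 2.9).
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
# Assumption: a fixed private namespace so re-exporting the same IOC yields
# the same indicator id; any stable UUID would do.
INDICATOR_NAMESPACE = uuid.UUID("7f3c1a2e-5b6d-4e8f-9a0b-1c2d3e4f5a6b")


def stix_ts(dt: datetime) -> str:
    """STIX timestamps are UTC with a 'Z' suffix; require tz-aware input."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def ipv4_sco(ip: str) -> dict:
    """ipv4-addr observable; rejects IPv6 and garbage before it reaches a pattern."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError(f"expected an IPv4 address, got {ip}")
    # id-contributing property for ipv4-addr is 'value', serialised compactly.
    contributing = json.dumps({"value": str(addr)}, separators=(",", ":"), sort_keys=True)
    return {"type": "ipv4-addr", "spec_version": "2.1",
            "id": f"ipv4-addr--{uuid.uuid5(SCO_NAMESPACE, contributing)}",
            "value": str(addr)}


def attack_reference(tid: str) -> dict:
    """external_references entry in the form ATT&CK itself uses."""
    return {"source_name": "mitre-attack", "external_id": tid,
            "url": "https://attack.mitre.org/techniques/" + tid.replace(".", "/")}


def build_bundle(ip: str, first_seen: datetime, last_seen: datetime,
                 confidence: int, tags: list[str], techniques: list[str],
                 indicator_types: tuple[str, ...] = ("anomalous-activity",)) -> dict:
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence is an integer in 0..100")
    sco = ipv4_sco(ip)
    now = stix_ts(datetime.now(timezone.utc))
    pattern = f"[ipv4-addr:value = '{sco['value']}']"
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(INDICATOR_NAMESPACE, pattern)}",
        "created": now, "modified": now,
        "name": f"IP {sco['value']}",
        "description": (f"Last seen {stix_ts(last_seen)}. Confidence {confidence}/100 "
                        "is heuristic; verify before acting."),
        "indicator_types": list(indicator_types),
        "pattern": pattern, "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": stix_ts(first_seen),
        "confidence": int(confidence),
    }
    # STIX lists must be non-empty when present, so add them conditionally.
    if tags:
        indicator["labels"] = sorted(set(tags))
    if techniques:
        indicator["external_references"] = [attack_reference(t) for t in techniques]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [sco, indicator]}


def example_bundle() -> dict:
    """Bundle for the IOC on this page (tag and technique subset constructed)."""
    return build_bundle(
        "185.242.226.42",
        first_seen=datetime(2024, 2, 14, tzinfo=timezone.utc),
        last_seen=datetime(2026, 6, 17, tzinfo=timezone.utc),
        confidence=41,
        tags=["network scanning", "conpot honeypot", "verified-benign"],
        techniques=["T1046", "T1595", "T1595.001"],
    )


if __name__ == "__main__":
    print(json.dumps(example_bundle(), indent=2))
```

Deterministic ids are the practical point: a consumer that re-imports this page next week gets an update to the same indicator instead of a duplicate, and the `confidence` property carries the page's 41 so the consumer can apply its own threshold rather than inheriting "Medium".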

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 11 days ago
Appeared in 33 threat reports