IPMediumSignal 36/100
185.242.226.47
Location
NetherlandsAmsterdam, North Holland
ASN
AS202425
AI Spera
First Seen
Feb 14, 2024
Last Seen
Jun 17, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryNetherlands
NetherlandsRegionAmsterdam, North Holland
ASNAS202425
OrganizationAI Spera
Feed Intelligence Summary
29 reports36% confidence
29
Source reports
36%
Confidence score
Category tags
abuseaccess controlackack scanactive scanactive scanningadbhoney activityadbhoney honeypotapacheapache attackerapplication layer protocolapplication scanningattackauthentication abuseauthentication attemptsbad reputationbanner grabbing attemptbeningbening scannerbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute_forcec2c2 servercertciscocisco attackcisco devicecisco device targetingcisco exploitation attemptscitrix attack attemptcitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securitycommand & controlcommand and controlcommunication protocolcompromised hostsconnect scanconpot honeypotcowriecowrie activitycowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcriminal_ip-benigndata exfiltrationdata store exposuredata theftdatabase exploitationdatabase probingddosddos attemptdecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea honeypotdionaea interactionsdistributed attacksemailenterprise networkingenterprise securityenumerationenumeration attempteuropeexploit attemptexploitationexploitation activityexploitation of privilegeexternal network scanexternal scanfailed login attemptsfinfin port scanfin scanfirewall detectionfirewall evasionftpftp brute forcefull connect scanheralding activityhoneytrap activityhoneytrap honeypothttp brute forcehttp probehttp probinghttp scannerhttp scanninghttps probehttps scanningicmpics securityidentity & access exploitationids evasionimap brute forceindicatorindustrial control systemsinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure discoveryinitial accessinjection activityiociot securityiot/ics attackipphoney honeypotlamplamp attacklamp attack attemptlamp exploitlamp exploit attemptslamp exploitationlamp exploitation attemptslamp server attacklamp stack targetinglateral movementlateral movement techniquesmailoney activitymailoney honeypotmalicious activitymalicious emailmalicious ip activitymalicious payloadmalicious softwaremalicious_trafficmalwaremalware attemptmalware behaviourmalware capturemalware distributionmalware download attemptmanualmass scanningmass scanning activitymasscanmassive port scannetherlandsnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusion attemptsnetwork mappingnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_intrusionnlnmapnmap scannorth americanull port scannull scanopen port detectionopen port enumerationopen port identificationos detectionos fingerprintingpassword attackpassword attacksphishingphishing attackphishing trappop3 brute forcepossible malicious activitypossible malware distributionpossible malware probingpossible reconnaissancepossible vulnerability scanpotential botnet activitypotential exploit attemptspotential intrusionpotential intrusion attemptpotential reconnaissance activitypotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanprocess injectionprotocol exploitationransomwarereconnaissancereconnaissance activityremote accessremote service exploitationremote service interactionremote servicesresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssecurity policysentrypeer activitysentrypeer botnetservice detectionservice discoveryservice enumerationservice scanservice version detectionsftpsftp access attemptssftp activitysftp attacksipsip brute forcesip scanningsmb scanningsmtp brute forcesocial engineeringsocradarspamsql injection attemptsshssh attackssh monitoringstealthstealth scansurface websweep scansynsyn port scansyn scant1016t1016.001t1016.002t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1048t1055t1057t1059t1059.004t1059.005t1059.007t1065t1068t1071t1071.001t1076t1078t1078.001t1078.002t1078.004t1083t1087t1087.001t1087.002t1087.003t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204t1204.002t1205t1210t1213t1486t1496t1499.001t1499.002t1499.003t1539t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1583t1587.001t1588t1588.002t1589t1589.001t1589.002t1590t1590.001t1590.002t1592t1595t1595.001t1595.002t1595.003tannertargeted scantargeting databasetcp protocoltcp scanningtelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodeudp port scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunauthorized login attemptsunauthorized scanningunited statesverified-benignversion detectionvoipvoip attackvulnerability scanweb application attacksweb attackweb exploitationweb server exploitationweb trafficxmasxmas port scanxmas scanzmap
Activity Timeline
Jun 17Jun 17
Threat Activity Heatmap
· Peak: 2026-06-17LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
36
SIGNAL
Signal Score
36%
Confidence
29
Reports
First seenFeb 14, 2024
Last seenJun 17, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS202425
OrgAI Spera
Coords52.3676, 4.9041
VirusTotal
Not checked
WHOIS
- description
- 2025-06-03T21:09:25.000Z Honeypot : Honeytrap : Source: 185.242.226.47 : Port: 2363 Message: {'protocol': 'tcp', 'payload': {'md5_hash': '322a1d56030a95809022c86dd7fcb099', 'data_hex': '1603010089010000850303f6ed63218a9b308cc2e6567b74372c45f6aaab46574c610b808bba98955ca84000001ac02fc02bc011c007c013c009c014c00a0005002f0035c012000a0100004200000010000e00000b39392e31382e32362e3139000500050100000000000a00080006001700180019000b00020100000d000a00080401040302010203ff01000100', 'sha512_hash': '41668367dbcca21758950113af3c29c4d52e2b6dc2c5ea280a5eeb473f86df69713f0825c0efd7fafb9208b6d05ae1d30d30f1eed3b9eef1898cc4b33f284f5d', 'length': 142}}
- raw
- NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 9 days ago
Appeared in 29 threat reports