IP: Medium signal, 38/100
185.242.226.5
Location
Amsterdam, NH
ASN
AS202425
AI Spera
First Seen
Feb 14, 2024
Last Seen
Jun 17, 2026
Found in 31 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
Network Information
Country
Netherlands
Region: Amsterdam, NH
ASN: AS202425
Organization: AI Spera
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
31 reports, 38% confidence
31
Source reports
38%
Confidence score
Category tags
Activity Timeline
Jun 17
Threat Activity Heatmap
Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
38
SIGNAL
Signal Score
38%
Confidence
31
Reports
First seen: Feb 14, 2024
Last seen: Jun 17, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, NH
ASN: AS202425
Org: AI Spera
Coords: 52.5024, 4.8077
Proxy / VPN
VirusTotal
Not checked
WHOIS
- description
- 2024-11-24T20:21:22.000Z Honeypot : Honeytrap : Source: 185.242.226.5 : Port: 12233 Message: {'payload': {'data_hex': '474554202f20485454502f312e310d0a486f73743a2039392e31382e32362e32313a31323233330d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38382e302e343332342e313930205361666172692f3533372e33360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a', 'md5_hash': '13270934171a221b04af2424749b4d6a', 'sha512_hash': 'fe6af372a02df5f87b390eec6ef91e3639a89ae10c33472c8a0c454855e0afef50d0b1bca1cd98a6253296f2976a0d2424ff1357d70ceabf7a33d2a46cb66b28', 'length': 208}, 'protocol': 'tcp'}
- raw
- NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
- references
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Medium. First detected 2 years ago, last seen 8 days ago.
Appeared in 31 threat reports