IPMediumSignal 40/100

`185.242.226.6`

Location

Netherlands

Amsterdam, North Holland

ASN

AS202425

AI Spera

First Seen

Feb 14, 2024

Last Seen

Jun 17, 2026

Feb 14

First Seen

860d ago

Jun 17

Last Seen

6d ago

Reports

source reports

40%

Confidence

medium

Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

40%

Signal Score

40 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

83 techniques

Network Information

Country

Netherlands

RegionAmsterdam, North Holland

ASNAS202425

OrganizationAI Spera

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

28 reports40% confidence

Source reports

40%

Confidence score

Category tags

abuseaccess controlaccount discoveryackack scanactive scanactive scanningadbadb exploitapacheapache attackerapplication layer protocolaptattackaustraliabad reputationbad web botbeningbening scannerblacklist ipbotnetbotnet activitybrazilbrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsc&c communicationc2c2 servercertcisco attackcisco devicecisco device attackcisco device targetingcisco exploit attemptcisco exploitation attemptscitrix attack attemptcitrix exploitation attemptcitrix exploitation attemptscitrix securitycommand & controlcommand and controlcommand executioncommunication protocolcompromised hostsconfig manipulationconfiguration modificationconnect scancowrie activitycowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcriminal_ip-benigncron injectiondata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase exploitationdatabase securityddosddos activityddos attackddos attacksddos attemptdecoy systemdenial of servicedevice managementdionaea activitydionaea honeypotdionaea interactionsdistributed attacksdropperencryptionenterprise networkingenterprise securityenumerationenumeration attempteuropeexploitexploit attemptexploitationexploitation activityexploitation of privilegefattfinfin port scanfin scanfirewall detectionfirewall detection probefirewall evasionfirewall probingftpftp brute forcefull connect scanhackinghoneytrap honeypothttp brute forcehttp probehttp scannerhttp scanninghttps probehttps scanningidentity & access exploitationids evasionimap brute forceindicatorinformation gatheringinfrastructure acquisitionreconnaissanceinitial accessinjection activityinternet of thingsintrusion attemptintrusion detectioniociot botnetiot securityiot/ics attacklamplamp attacklamp attack attemptlamp exploitationlamp exploitation attemptslamp stack attacklamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious adb activitymalicious payloadmalicious scanmalicious softwaremalwaremalware attemptmalware behaviourmalware capturemalware distributionmalware hostingmanualmass scanningmasscan activitymassive port scanmirai botnetmobilemobile securitymodule loadingnetherlandsnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusion attemptnetwork intrusion attemptsnetwork mappingnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnlnmap scannmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port enumerationopen port identificationos detectionos fingerprintingos fingerprinting attemptp0fpassword attackpassword attackspassword crackingphishingphishing attackphishing trappop3 brute forcepossible malicious activitypossible malware distributionpossible malware probingpossible reconnaissancepossible vulnerability probingpossible vulnerability scanningpotential attack vectorpotential botnet activitypotential exploit targetingpotential intrusion attemptpotential reconnaissance activitypotential threat activitypotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability scanprocess injectionprotocol exploitationproxyproxy protocolransomwarercereconnaissancereconnaissance activityremote accessremote servicesreplication attackresearchedresource hijackingsansscanscannerscanning activityscripting attackssecurity eventsecurity policysensor-taggedsentrypeer botnetserver exploitationservice detectionservice discoveryservice enumerationservice scanservice version detectionsftp access attemptssftp attacksip scanningslaveofsmb scanningsmtpsmtp brute forcesocial engineeringsocradarspamspam distributionsql injection attemptssh attackssh key injectionssh monitoringstealthstealth scansynsyn port scansyn scansystem accesssystem administrationsystem discoveryt1016t1016.001t1016.002t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1048t1053t1055t1057t1059t1059.001t1059.004t1059.005t1059.007t1064t1065t1068t1071t1071.001t1071.004t1076t1077t1078t1078.001t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1136.001t1189t1190t1199t1202t1203t1204t1204.002t1205t1210t1486t1496t1499.001t1499.002t1499.003t1505.004t1539t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1573t1574.001t1583t1587.001t1588t1588.002t1589t1589.001t1589.002t1590.001t1592t1592.004t1595t1595.001t1595.002t1595.003tannertargeted scantargeting databasetcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottsecudp port scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunauthorized probingunauthorized scanningunited statesuser enumerationvalid accountsverified-benignversion detectionvoipvoip attackvulnerabilityvulnerability scanweb application attackweb application attacksweb attackweb exploitweb exploitationweb server exploitationweb shell uploadweb trafficxmasxmas port scanxmas scan

Activity Timeline

1 total obs

Jun 17Jun 17

Threat Activity Heatmap

· Peak: 2026-06-17

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

40%

Confidence

Reports

First seenFeb 14, 2024

Last seenJun 17, 2026

GeolocationNL

CountryNetherlands

LocationAmsterdam, North Holland

ASNAS202425

OrgAI Spera

Coords52.3676, 4.9041

Proxy

VirusTotal

Not checked

WHOIS

description: 2024-11-03T18:20:37.000Z Honeypot : Honeytrap : Source: 185.242.226.6 : Port: 12398 Message: {'payload': {'md5_hash': '418e9e42c281bdf0521aaf72cef73383', 'sha512_hash': '8e92ba00cf3f3a6e8fe69519f0964ee9964ff338079df4b03f4a108cbbcb70819acc1832f24fe731bb18a0716b9fb50eecf37439901c814fa9b9ac52dd8d228a', 'length': 208, 'data_hex': '474554202f20485454502f312e310d0a486f73743a2039392e31382e32362e32313a31323339380d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38382e302e343332342e313930205361666172692f3533372e33360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a'}, 'protocol': 'tcp'}
raw: NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

`185.242.226.6`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey