IOC Radar
IPMediumSignal 41/100

185.243.112.223

Location
NetherlandsNetherlands
Dronten, Flevoland
ASN
AS208258
GWY IT PTY LTD
First Seen
Oct 13, 2023
Last Seen
Jun 3, 2026
Oct 13
First Seen
974d ago
Jun 3
Last Seen
10d ago
9
Reports
source reports
41%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

17 techniques

Network Information

CountryNLNetherlands
RegionDronten, Flevoland
ASNAS208258
OrganizationGWY IT PTY LTD

Feed Intelligence Summary

9 reports41% confidence
9
Source reports
41%
Confidence score
Category tags
abuseactive scanactive scanningalienvault_ransomwarealiveasiabad reputationbrute forcec servercertcivil servicescommunication technologiescredential accesscredential harvestingcredential stuffingcurcorecurkeepcurkeep backdoorcurkeep payloadcurlogdante discoveryeuropeexploitation activityftp brute forcegovernment technologyhttp brute forceidentity & access exploitationindicatorinfrastructure acquisitionreconnaissancekazakhstanmalwaremanualmobile carriersmobile networksnetherlandsnetworknetwork reconnaissancenetwork scanningnlpassword attackphishingphishing attackpublic administrationpublic infrastructurepublic policyransomwarereconnaissanceregulatory agenciesremote accessremote servicesresearchedsocial engineeringssh attackstayinsyn scant1021.001t1046t1059t1076t1110t1110.002t1190t1563t1566.001t1566.002t1566.003t1587.001t1590.001t1595t1595.001t1595.002t1595.003tcp scantelecomtelecom servicestelecommunicationsthreat actortoddycattoolstor nodeturkeyudp scanuzbekistanvietnam

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
41
SIGNAL
Signal Score
41%
Confidence
9
Reports
First seenOct 13, 2023
Last seenJun 3, 2026
GeolocationNL
CountryNetherlands
LocationDronten, Flevoland
ASNAS208258
OrgGWY IT PTY LTD
Coords52.3824, 4.8995

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.243.112.0 - 185.243.112.255 netname: CrownCloud descr: CrownCloud country: NL org: ORG-GIPL1-RIPE admin-c: GT7540-RIPE tech-c: GT7540-RIPE status: ASSIGNED PA mnt-domains: A2-MNT mnt-routes: A2-MNT mnt-by: A2-MNT created: 2019-07-01T22:38:17Z last-modified: 2019-08-14T11:05:28Z source: RIPE organisation: ORG-GIPL1-RIPE org-name: GWY IT PTY LTD org-type: OTHER address: Moore Street 26 address: 6225 address: Collie address: AUSTRALIA abuse-c: ACRO13747-RIPE mnt-ref: A2-MNT mnt-by: A2-MNT created: 2016-11-14T11:03:29Z last-modified: 2019-08-22T20:36:09Z source: RIPE # Filtered person: Graeme Tee address: Moore Street 26 address: 6225 Collie, Australia phone: +61411405403 nic-hdl: GT7540-RIPE mnt-by: A2-MNT created: 2016-11-14T11:06:31Z last-modified: 2019-08-22T20:44:51Z source: RIPE route: 185.243.112.0/24 origin: AS205406 created: 2026-05-19T10:39:47Z last-modified: 2026-05-19T10:39:47Z source: RIPE mnt-by: A2-MNT route: 185.243.112.0/24 origin: AS208258 mnt-by: A2-MNT created: 2020-06-11T13:30:04Z last-modified: 2020-06-11T13:30:04Z source: RIPE
references
https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/, Advisory No-ESAF-CDC-SOC-TI-214 Asian Governments and Telecom Giants.pdf

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 10 days ago
Appeared in 9 threat reports