IOC Radar
IPMediumSignal 44/100

185.81.114.15

Location
NetherlandsNetherlands
Amsterdam, Noord-Holland
ASN
AS59711
HZ Na14
First Seen
May 20, 2025
Last Seen
Jun 11, 2026
May 20
First Seen
393d ago
Jun 11
Last Seen
6d ago
8
Reports
source reports
44%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, Noord-Holland
ASNAS59711
OrganizationHZ Na14

Feed Intelligence Summary

8 reports44% confidence
8
Source reports
44%
Confidence score
Category tags
active scanai evasionalert schemeangry likhoawaken likhoblack owlbo teambotnetbotnet activitybrute forcebrute_forcecertchromecommand and controlcore werewolfcredential accesscredential harvestingcredential stuffingcredential_accessdarkgaboondata exfiltrationdata store exposuredistributed attackseuropeeurope/asiaexploitation activityfairy wolffileftpgamacopyhive0117hoody hyenahydraulicsidentity & access exploitationindicatorinjection activityiot securitylateral movementlibrarian ghoulslifting zmiylockbitlone wolfmalicious softwaremalwaremalware droppermoonshine trickstermulti-stage droppernetherlandsnetworknetwork securitynetwork_reconnaissancenloffice vulnerabilityphishingphishing attackprocess injectionproduct supplyprosperous werewolfprotocol exploitationpseudogamaredonransomwarerare werewolfremote accessremote servicesresearchedrezetroom155sandbox evasionsapphire werewolfsocial engineeringssh attacksticky werewolft1003.001t1021t1021.001t1027t1040t1041t1055t1057t1059t1059.001t1068t1071t1071.001t1071.002t1076t1078t1082t1105t1110t1110.002t1190t1195.001t1204t1204.002t1210t1486t1496t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1574.001t1595ta toliktaxoffteam46telnet threatthreat actorturkeyurgentvengeful wolfvulnerability scanwatch wolfwerewolveszero-day exploit

Activity Timeline

1 total obs
Jun 11Jun 11

Threat Activity Heatmap

· Peak: 2026-06-11
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
44
SIGNAL
Signal Score
44%
Confidence
8
Reports
First seenMay 20, 2025
Last seenJun 11, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, Noord-Holland
ASNAS59711
OrgHZ Na14
Coords52.3676, 4.9041

VirusTotal

Not checked

WHOIS

description
CC=NL ASN=AS59711 hz hosting ltd
raw
inetnum: 185.81.114.0 - 185.81.115.255 netname: HZ-NA14 country: NL admin-c: VD3206-RIPE tech-c: VD3206-RIPE status: ASSIGNED PA mnt-by: HZ-HOSTING-LTD created: 2015-08-17T14:20:48Z last-modified: 2016-11-28T18:15:26Z source: RIPE person: Vilko Damianov address: 4000, Bulgaria, Plovdiv, 2 Lyuben Karavelov, unit 5 phone: +35932571279 nic-hdl: VD3206-RIPE mnt-by: HZ-HOSTING-LTD created: 2016-11-28T15:25:07Z last-modified: 2016-11-28T15:25:07Z source: RIPE route: 185.81.114.0/24 origin: AS59711 mnt-by: HZ-HOSTING-LTD created: 2022-06-28T13:45:19Z last-modified: 2022-06-28T13:45:19Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 8 threat reports