IOC Radar
IP · Medium · Signal 81/100

185.93.89.154

Location: Netherlands; Eygelshoven, England
ASN: AS213790 (Limited Network LTD)
First Seen: May 21, 2025 (400d ago)
Last Seen: Jun 14, 2026 (11d ago)
Reports: 21 source reports
Confidence: 81% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 53 techniques

Network Information

Country: NL (Netherlands)
Region: Eygelshoven, England
ASN: AS213790
Organization: Limited Network LTD

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 21
Confidence score: 81%
Category tags

Activity Timeline

1 total obs (Jun 14 to Jun 14)

Threat Activity Heatmap

[Heatmap: daily activity from Jun to Jun, scale Less to More. Peak: 2026-06-14]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 21
First seen: May 21, 2025
Last seen: Jun 14, 2026
Geolocation: NL
Country: Netherlands
Location: Eygelshoven, England
ASN: AS213790
Org: Limited Network LTD
Coords: 51.5072, -0.1276
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 185.93.89.128 - 185.93.89.255
org: ORG-LA1969-RIPE
netname: AMWAJ
country: AE
admin-c: MK17520-RIPE
tech-c: MK17520-RIPE
status: LIR-PARTITIONED PA
mnt-by: wcd
created: 2025-10-30T09:32:41Z
last-modified: 2025-12-31T09:46:27Z
source: RIPE

organisation: ORG-LA1969-RIPE
org-name: Limited Network LTD
org-type: OTHER
address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
country: GB
abuse-c: ACRO58261-RIPE
mnt-ref: LimitedNetwork-MNT
mnt-ref: wcd
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T13:19:56Z
last-modified: 2025-12-31T09:38:17Z
source: RIPE # Filtered

person: DWCI NET
address: no 808 mak shahriar brian merdiani burdubai alkhaleej tejari ,dubai, UAE
phone: +971523326424
nic-hdl: MK17520-RIPE
mnt-by: wcd
created: 2015-01-27T10:15:09Z
last-modified: 2023-01-25T14:45:46Z
source: RIPE

route: 185.93.89.0/24
origin: as213790
created: 2025-12-31T09:44:09Z
last-modified: 2025-12-31T09:44:09Z
source: RIPE
mnt-by: wcd


IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 21 threat reports