IPMediumSignal 81/100

`192.42.116.106`

Location

Netherlands

Amsterdam, North Holland

ASN

AS215125

TOR Exit and More

First Seen

Feb 24, 2026

Last Seen

Jun 9, 2026

Feb 24

First Seen

106d ago

Jun 9

Last Seen

yesterday

Reports

source reports

81%

Confidence

medium

Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

81%

Signal Score

81 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

45 techniques

Network Information

Country

Netherlands

RegionAmsterdam, North Holland

ASNAS215125

OrganizationTOR Exit and More

IP Category

⟲

Proxy

Proxy server

⊕

VPN

VPN exit node

Feed Intelligence Summary

21 reports81% confidence

Source reports

81%

Confidence score

Category tags

abuseactive scanactive scanningafricaanonymization networkanonymization network activityanonymization network iocsanonymization network usageanonymized attack activityanonymous attack sourceanonymous proxyanonymous_proxyaptargentinaasiaattackaustraliaauthentication attemptsautomated attackbad reputationbad web botbangladeshbelgiumblocklistblog spambotnetbotnet activitybrazilbrute forcebrute force attackbrute force attemptsbrute-forcebrute_forcebruteforcec2 communicationcanadachinacommand & controlcommand and controlcommunication protocolcowriecredential accesscredential attackcredential guessingcredential stuffingcredential_accesscredential_attackcredential_guessingcredential_stuffingdarkforumsdata encryptiondata exfiltrationdata store exposuredatabase securityddosddos attackdenial of servicedionaeadistributed attacksencryptioneuropeeurope/asiaevasionexploitexploitation activityexploited hostexternal proxyfattfinlandfrancefraud ordersftpftp brute forceftp brute-forceftp_brute_forceftp_servicegermanyhackinghong konghttp brute forcehttp probinghttp scannerhttp scanninghttp_brute_forcehttpshttps scanningidentity & access exploitationindiaindicators of compromiseindicators_of_compromiseindonesiainformation technologyinitial_accessinitial_access_attemptinjection activityinjection attacksinternet_background_noiseiocip-onlyirelandit infrastructurejapankenyakill-chain exploitationkill-chain reconnaissancekorea, republic ofkyrgyzstanlateral movementlithuanialow-riskmalaysiamalicious activitymalicious ip addressesmalicious softwaremalicious trafficmalicious_ipsmalicious_trafficmalwaremexicomonthlymoroccomssql_brute_forcenetherlandsnetworknetwork intrusionnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesnetwork_attacknetwork_enumerationnetwork_reconnaissancenetwork_service_probingnetworkmonitoringnew zealandnlnorth americanorwayoceaniaopen proxyopencanaryopportunistic_attackerosintp0fpassword attacksphilippinesphishingpolandpossible botnet activityprocess injectionprotocol exploitationproxyproxy ip addressesproxy networkproxy serverproxy server activityproxy_trafficproxy_usageransomwareraspberry-pirdp_brute_forcerdp_servicereconnaissancereconnaissance_activityremote accessremote servicesresearchedromaniarussiarussian federationscams & fraudscannerscanning activitysecurity operationssensor-taggedserbiasingaporesmb_enumerationsmb_servicesmtp brute forcesmtp_brute_forcesocradar honeypotsoftware developmentsouth africasouth americaspamsql injectionsshssh attackssh_brute_forcessh_servicesuspicioustrafficswedensyrian arab republict1001t1018t1021t1021.001t1021.002t1040t1046t1055t1059t1059.003t1071t1071.001t1076t1077t1078t1087t1090t1090.002t1090.003t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1563t1564.004t1565t1573.002t1589t1590t1590.005t1592t1595t1595.001t1595.002t1595.003taiwantannertargeting databasetelnettelnet threatthreat actorthreat intelligencethreat-inteltortor networktor nodetor node indicatorstor_traffictpotukraineunauthorized access attemptunauthorized_accessunited arab emiratesunited kingdomunited statesvenezuela, bolivarian republic ofvpnvpn ip addressesvpn servicevpn_trafficvulnerability scanvulnerability-exploitationweb app attackweb application attackweb application scanningweb brute forceweb exploitationweb spamweb trafficweb_service_scanning

Activity Timeline

1 total obs

Jun 9Jun 9

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

81%

Confidence

Reports

First seenFeb 24, 2026

Last seenJun 9, 2026

GeolocationNL

CountryNetherlands

LocationAmsterdam, North Holland

ASNAS215125

OrgTOR Exit and More

Coords52.3676, 4.9041

ProxyVPN

VirusTotal

Not checked

WHOIS

description: tor search result.

Export & API

STIX 2.1 Bundle

CSV Export

Permalink

IOC Journey

medium

First detected 3 months ago · Last seen 1 day ago

Appeared in 21 threat reports