IP · Medium · Signal 80/100
193.142.147.209
Location
Amsterdam, North Holland
ASN
AS213438
ColocaTel Inc
First Seen
Dec 3, 2022
Last Seen
Jun 5, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Amsterdam, North Holland
ASN
AS213438
Organization
ColocaTel Inc
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
32 reports · 80% confidence
32
Source reports
80%
Confidence score
Category tags
Activity Timeline
Jun 5
Threat Activity Heatmap
Peak: 2026-06-05
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: High Risk
80
SIGNAL
Signal Score
80%
Confidence
32
Reports
First seen: Dec 3, 2022
Last seen: Jun 5, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS213438
Org: ColocaTel Inc
Coords: 51.2993, 9.4910
Proxy: VPN
VirusTotal
Not checked
WHOIS
- description
- Port Scan 2023-07-15T20:41:00.479Z -> 193.142.147.209 scanned port 3389 on one of our servers
- raw
- inetnum: 193.142.147.0 - 193.142.147.255
  netname: Colocatel-IP-Range
  descr: Colocatel Datacenter
  country: NL
  geoloc: 52.370216 4.895168
  remarks: +-----------------------------------------------
  remarks: | This is a IP Range owned by ColocaTel!
  remarks: | For abuse/SPAM/Hacking/etc e-mail [email protected]
  remarks: | Anything else to [email protected] or also [email protected]
  remarks: | We do not always reply to abuse but make sure the problem will be solved!
  remarks: | NOC and Support always available 24x7!
  remarks: +-----------------------------------------------
  admin-c: CI2084-RIPE
  tech-c: CI2084-RIPE
  org: ORG-CI158-RIPE
  status: ASSIGNED PA
  created: 2024-06-12T20:39:06Z
  last-modified: 2025-02-11T14:14:29Z
  source: RIPE
  mnt-by: colocatel-mnt

  organisation: ORG-CI158-RIPE
  org-name: ColocaTel Inc.
  org-type: OTHER
  address: 306 Victoria House, Victoria Mahe, Seychelles
  country: SC
  abuse-c: ACRO59269-RIPE
  mnt-ref: colocatel-mnt
  mnt-ref: MNT-NETERRA
  mnt-by: colocatel-mnt
  created: 2025-02-10T13:31:15Z
  last-modified: 2025-07-29T13:48:10Z
  source: RIPE # Filtered

  role: Colocatel Inc.
  address: 306 Victoria House, Victoria Mahe, Seychelles
  abuse-mailbox: [email protected]
  nic-hdl: CI2084-RIPE
  mnt-by: colocatel-mnt
  created: 2025-02-10T13:29:19Z
  last-modified: 2025-02-10T13:33:07Z
  source: RIPE # Filtered

  route: 193.142.147.0/24
  origin: AS213438
  created: 2025-02-11T13:45:13Z
  last-modified: 2025-02-11T13:45:13Z
  source: RIPE
  mnt-by: colocatel-mnt
- references
- https://github.com/telekom-security/tpotce
- https://www.greynoise.io/blog/react2shell-exploitation-consolidates
- https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
- https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html
IOC Journey
medium · First detected 3 years ago · Last seen 8 days ago
Appeared in 32 threat reports