IOC Radar
IPMediumSignal 100/100

194.48.251.77

Location
NetherlandsNetherlands
Frankfurt Am Main, Hesse
ASN
AS48314
Gwy It Pty Ltd
First Seen
Feb 27, 2024
Last Seen
Aug 6, 2025
Feb 27
First Seen
846d ago
Aug 6
Last Seen
320d ago
13
Reports
source reports
99%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryNLNetherlands
RegionFrankfurt Am Main, Hesse
ASNAS48314
OrganizationGwy It Pty Ltd

Feed Intelligence Summary

13 reports99% confidence
13
Source reports
99%
Confidence score
Category tags
abuseaccessaccess controlactive scanningadbhoney honeypotattackbotnetbrute forcebrute force attackciscocisco devicecitrix securitycommand and controlcommunication protocolconnectcowriecowrie activitycowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdedecoy systemdevice managementdictionary attackdionaeadionaea activitydionaea honeypotdistributed attacksemailenterprise networkingenterprise securityenumerationexploit attemptsfin scanftp brute forcegithubgroupsheralding activityhoneytrap honeypotindicatorinfrastructure acquisitionreconnaissancelamplamp attackmailoney activitymailoney honeypotmalicious activitymalicious softwaremalicious_activitymalwaremalware behaviourmalware capturemalware propagationmanualnetherlandsnetworknetwork infrastructurenetwork probingnetwork reconnaissancenetwork scanningnetwork securitynlnull scanpassword attacksphishingphishing attackphishing trappossible reconnaissance activityprocess injectionpythonreconnaissanceresearchedresource hijackingscannerscriptscripting attackssecurity policysentrypeer activitysentrypeer botnetservice discoveryservice enumerationsftpsftp attacksftp attemptsipsip scanningslugsmtp brute forcesocial engineeringsshssh attackssh monitoringsurface websyn scant1018t1021t1021.001t1021.002t1021.006t1040t1041t1046t1047t1053t1055t1059t1059.004t1059.007t1068t1071.001t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1590.001t1595t1595.001t1595.002t1595.003tannertanner activitytcptelecommunicationsthreat actorthreat detectionthreat intelligencethreat preventionudp port scanunauthorized accessunauthorized access attemptunited statesvoipvoip attackweb application scanningweb attackweb exploitationxmas scan

Activity Timeline

1 total obs
Aug 6Aug 6

Threat Activity Heatmap

· Peak: 2025-08-06
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
13
Reports
First seenFeb 27, 2024
Last seenAug 6, 2025
GeolocationNL
CountryNetherlands
LocationFrankfurt Am Main, Hesse
ASNAS48314
OrgGwy It Pty Ltd
Coords50.1153, 8.6805

VirusTotal

Not checked

WHOIS

description
2024-12-19T00:25:55.943Z Honeypot : Dionaea : Source: 194.48.251.77 : Port: 3306 Connection: {'protocol': 'mysqld', 'type': 'accept', 'transport': 'tcp'}

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 10 months ago
Appeared in 13 threat reports