IOC Radar
IP · Medium · Signal 38/100

194.85.251.34

Location
Netherlands
Amsterdam, North Holland
ASN
AS57043
Snowd Security OU
First Seen
Feb 1, 2025 (497d ago)
Last Seen
May 3, 2026 (41d ago)
Reports
17 source reports
Confidence
38% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: Netherlands (NL)
Region: Amsterdam, North Holland
ASN: AS57043
Organization: Snowd Security OU

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 17
Confidence score: 38%
Category tags
abuse, access control, active scan, active scanning, adbhoney honeypot, apt, attack, bad reputation, banking, blacklist ip, botnet, botnet activity, brute force, brute force attack, bruteforce, command and control, communication protocol, cowrie, cowrie honeypot, cowrie honeypot data, credential access, credential harvesting, credential stuffing, credit card services, cta, data exfiltration, data store exposure, ddos, ddos attacks, de, decoy system, denial of service, dionaea honeypot, distributed attacks, europe, exploitation activity, finance, finance and insurance, financial services, financial technology, finland, germany, github, honeytrap honeypot, http scanner, identity & access exploitation, injection activity, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack, lamp, mailoney honeypot, malicious activity, malicious ip, malicious scan, malicious software, malware, malware behaviour, malware capture, mirai, mirai botnet, mysql, netherlands, network, network attacks, network probing, network scanning, network security, network service scanning, nginx, nl, password attacks, payment processing, phishing, phishing attack, phishing trap, probing, process injection, proxy, proxy protocol, python, reconnaissance, reconnaissance activity, researched, resource hijacking, scan, scanner, scanning, scanning activity, security policy, sentrypeer botnet, server, service scan, sftp, sftp attack, sftp exploit attempt, sip, slug, social engineering, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.004, t1040, t1041, t1046, t1055, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp, tcp protocol, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor node, unauthorized access attempt, united states, voip, voip attack, wealth management, web app attack, web application attack, web exploitation, web scanner, web traffic, webscan, webscanner

Activity Timeline

1 total obs
May 3

Threat Activity Heatmap

Peak: 2026-05-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 17
First seen: Feb 1, 2025
Last seen: May 3, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS57043
Org: Snowd Security OU
Coords: 51.2993, 9.4910
Proxy

VirusTotal

Not checked

WHOIS

description
2025-02-20T07:01:04.517Z Honeypot : Cowrie : Source: 194.85.251.34 Data: New connection: 194.85.251.34:45120 (192.168.80.2:23) [session: 8dc4323b4774]
raw
inetnum: 194.85.248.0 - 194.85.251.255 netname: AE-RCSTECHNOLOGIES-19940819 country: DE org: ORG-RTFL1-RIPE mnt-domains: interlir-mnt mnt-routes: interlir-mnt mnt-lower: interlir-mnt admin-c: NA7825-RIPE tech-c: NA7825-RIPE status: ALLOCATED PA mnt-by: lir-ae-rcstechnologies-1-MNT mnt-by: RIPE-NCC-HM-MNT created: 2025-01-28T12:16:49Z last-modified: 2025-01-28T12:36:18Z source: RIPE organisation: ORG-RTFL1-RIPE org-name: RCS Technologies FZE LLC country: AE org-type: LIR address: BLB-S5-101 AMC - Boulevard B Building Makani No. 4730710293 address: NA address: Ajman address: UNITED ARAB EMIRATES phone: +44 28 4378 0176 admin-c: NA7825-RIPE tech-c: NA7825-RIPE abuse-c: AA40813-RIPE mnt-ref: lir-ae-rcstechnologies-1-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: lir-ae-rcstechnologies-1-MNT created: 2022-08-25T08:21:18Z last-modified: 2025-06-16T17:38:49Z source: RIPE # Filtered role: NOC address: UNITED KINGDOM address: London address: WC2A 2JR address: 7 Bell Yard phone: +44 28 4378 0176 nic-hdl: NA7825-RIPE mnt-by: lir-ae-rcstechnologies-1-MNT created: 2022-08-25T08:21:17Z last-modified: 2022-08-25T08:21:18Z source: RIPE # Filtered
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 17 threat reports