IP · Medium · Signal 100/100
2.57.122.209
Location
Amsterdam, North Holland
ASN
AS47890
Techoff SRV Limited
First Seen
Aug 31, 2020
Last Seen
May 31, 2026
Found in 36 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
The Netherlands
Region
Amsterdam, North Holland
ASN
AS47890
Organization
Techoff SRV Limited
Feed Intelligence Summary
36 reports · 99% confidence
36
Source reports
99%
Confidence score
Category tags
Activity Timeline
[Timeline chart; axis label: May 31]
Threat Activity Heatmap
Peak: 2026-05-31
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
100
SIGNAL
Signal Score
99%
Confidence
36
Reports
First seen
Aug 31, 2020
Last seen
May 31, 2026
Geolocation
NL
Country
The Netherlands
Location
Amsterdam, North Holland
ASN
AS47890
Org
Techoff SRV Limited
Coords
52.3676, 4.9041
VirusTotal
Not checked
WHOIS
- description
- HoneyNet Event: 2.57.122.209 connected: 11 times over ports: 6700 Tags: P0f,6700
IOC Journey
medium · First detected 5 years ago · Last seen 27 days ago
Appeared in 36 threat reports