IOC Radar
IP · Medium · Signal 85/100

203.55.131.5

Location: Netherlands; Amsterdam, North Holland
ASN: AS32475 (Valence Technology Co)
First Seen: Sep 26, 2024 (623d ago)
Last Seen: Jun 2, 2026 (8d ago)
Reports: 33 source reports
Confidence: 85% (medium)
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 85%
Signal Score: 85 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

118 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS32475
Organization: Valence Technology Co

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 33
Confidence score: 85%
Category tags

Activity Timeline

1 total obs (Jun 2)

Threat Activity Heatmap

Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 85
Confidence: 85%
Reports: 33
First seen: Sep 26, 2024
Last seen: Jun 2, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS32475
Org: Valence Technology Co
Coords: -33.4940, 143.2104
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
NetRange: 203.55.131.0 - 203.55.131.255
CIDR: 203.55.131.0/24
NetName: VT-255
NetHandle: NET-203-55-131-0-1
Parent: APNIC-203 (NET-203-0-0-0-1)
NetType: Direct Allocation
OriginAS:
Organization: Valence Technology Co. (VT-255)
RegDate: 2024-04-18
Updated: 2024-04-18
Ref: https://rdap.arin.net/registry/ip/203.55.131.0

OrgName: Valence Technology Co.
OrgId: VT-255
Address: 80 South Main St, Suite 301
City: Hanover
StateProv: NH
PostalCode: 03755
Country: US
RegDate: 2024-01-22
Updated: 2024-07-15
Ref: https://rdap.arin.net/registry/entity/VT-255

OrgTechHandle: PARED42-ARIN
OrgTechName: Pare, Danny
OrgTechPhone: +1-603-315-8722
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/PARED42-ARIN

OrgAbuseHandle: ABUSE9073-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-603-667-3320
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE9073-ARIN
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 33 threat reports