IOC Radar
IPMediumSignal 32/100

213.10.31.166

Location
NetherlandsNetherlands
Amsterdam, Utrecht
ASN
AS1136
KPN B.V.
First Seen
Aug 16, 2024
Last Seen
Apr 12, 2026
Aug 16
First Seen
664d ago
Apr 12
Last Seen
59d ago
13
Reports
source reports
32%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
32%
Signal Score
32 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, Utrecht
ASNAS1136
OrganizationKPN B.V.

Feed Intelligence Summary

13 reports32% confidence
13
Source reports
32%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney activityadbhoney exploitsadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute_forcecisco devicecisco device targetingcisco exploit attemptscisco_exploitcommand and controlcommunication protocolcowrie activitycowrie honeypotcowrie ssh attackscowrie_attackcredential accesscredential stuffingcredential_accessdata exfiltrationdata store exposureddosddos probedecoy systemdevice managementdionaea activitydionaea honeypotdionaea malware collectiondistributed attacksenterprise networkingeuropeexploit scanexploitation activityftpftp brute forceheralding activityhoneytrap honeypothttp brute forceidentity & access exploitationindicatorinitial_accessinjection activitylamplamp exploit attemptslamp stack targetinglamp_exploitmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetherlandsnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynlpassword attackspotential botnet activityprocess injectionprotocol exploitationreconnaissanceresearchedresource hijackingscannersecurity policysentrypeer activitysentrypeer botnetsftp access attemptssftp attacksftp_attacksip brute forcesip scanningsip_attacksmtp brute forcessh attackssh monitoringssh_bruteforcet1016t1018t1021t1021.001t1021.002t1040t1041t1046t1055t1059t1059.001t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1589t1590t1595t1595.001t1595.002t1595.003tannertelecommunicationstelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodeunknown threat actorvoipvoip attack

Activity Timeline

1 total obs
Apr 12Apr 12

Threat Activity Heatmap

· Peak: 2026-04-12
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
32
SIGNAL
Signal Score
32%
Confidence
13
Reports
First seenAug 16, 2024
Last seenApr 12, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, Utrecht
ASNAS1136
OrgKPN B.V.
Coords52.3528, 4.8584

VirusTotal

Not checked

WHOIS

description
2025-07-07T06:12:47.329Z Honeypot : Tanner : Source: 213.10.31.166 : Port: 80 Post Data: {'response': {'message': {'detection': {'type': 1, 'version': '0.6.0', 'order': 1, 'name': 'index'}, 'sess_uuid': '2c9224a4-4829-48e5-84c0-7f6bca214b6b'}}, 'version': '0.6.0'}
raw
inetnum: 213.10.0.0 - 213.10.127.255 netname: KPN descr: Customer country: NL admin-c: PT978-RIPE tech-c: PT978-RIPE status: ASSIGNED PA mnt-by: KPN-MNT remarks: Please mail abuse issues to: [email protected] created: 1970-01-01T00:00:00Z last-modified: 2018-11-05T10:13:15Z source: RIPE role: KPN B.V. address: Stationsstraat 115 (visit address) address: P.O. box 3053 address: 3800 DB Amersfoort address: The Netherlands phone: +31 30 6588612 remarks: Operational issues: [email protected] remarks: Peering issues: [email protected] nic-hdl: PT978-RIPE admin-c: RH13540-RIPE admin-c: PBOS-RIPE tech-c: RH13540-RIPE remarks: For security & abuse issues see inetnum. abuse-mailbox: [email protected] mnt-by: KPN-MNT created: 2003-04-02T10:49:57Z last-modified: 2021-08-11T07:00:08Z source: RIPE # Filtered route: 213.10.0.0/16 descr: PIADDR origin: AS1136 mnt-by: KPN-MNT created: 2014-12-17T11:06:44Z last-modified: 2014-12-17T11:06:44Z source: RIPE
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 13 threat reports