IOC Radar
IPHighVerifiedSignal 86/100

31.56.209.222

Location
NetherlandsNetherlands
Eygelshoven, Limburg
ASN
AS209373
Pfcloud
First Seen
Jun 1, 2026
Last Seen
Jun 12, 2026
Jun 1
First Seen
11d ago
Jun 12
Last Seen
today
56
Reports
source reports
95%
Confidence
high
Found in 56 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
95%
Signal Score
86 / 100
IDS Rule
Yes
Threat Context
Threat Actors3
HHivePPlayTTurla
Tags

Network Information

CountryNLNetherlands
RegionEygelshoven, Limburg
ASNAS209373
OrganizationPfcloud

Feed Intelligence Summary

56 reports95% confidence
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5676 indicators)
5189 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5663 indicators)
5178 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5649 indicators)
5167 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5628 indicators)
5146 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5562 indicators)
5082 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5555 indicators)
5077 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (6250 indicators)
5768 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (6239 indicators)
5766 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5978 indicators)
5511 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5977 indicators)
5512 IOCs in report

Activity Timeline

45 total obs
Jun 12Jun 10

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
45
Critical
30d
45
Critical
3mo
45
Critical
Threat ScoreHigh Risk
86
SIGNAL
Signal Score
95%
Confidence
56
Reports
First seenJun 1, 2026
Last seenJun 12, 2026
Verified IOC
GeolocationNL
CountryNetherlands
LocationEygelshoven, Limburg
ASNAS209373
OrgPfcloud
Coords50.8933, 6.0580

VirusTotal

Not checked

WHOIS

raw
inetnum: 31.56.209.0 - 31.56.209.255 netname: SWISSNET country: NL admin-c: AA46315-RIPE org: ORG-SL1399-RIPE tech-c: AA46315-RIPE status: ASSIGNED PA created: 2026-03-16T16:20:19Z last-modified: 2026-03-16T18:15:50Z source: RIPE mnt-by: lir-ae-goldip-1-MNT mnt-by: GOLD-MNT mnt-by: pfcloud-mnt organisation: ORG-SL1399-RIPE org-name: SWISSNET LLC org-type: OTHER address: 121 E 2ND ST STE 401 STE 401, OWENSBORO, KY 42303 country: US reg-nr: 1540904 (Kentucky) admin-c: AA46315-RIPE tech-c: AA46315-RIPE abuse-c: AA46315-RIPE mnt-ref: swissnet-mnt created: 2026-02-12T19:07:31Z last-modified: 2026-05-13T06:48:00Z source: RIPE # Filtered mnt-by: swissnet-mnt role: Admin remarks: ### ------------------------------------------------------------------------- remarks: For all operational or administrative inquiries (tech/NOC and RIPE-related), remarks: please contact: [email protected] remarks: Do NOT send abuse reports to the NOC address above. remarks: ### ------------------------------------------------------------------------- abuse-mailbox: [email protected] address: 121 E 2ND ST STE 401 STE 401, OWENSBORO, KY 42303 nic-hdl: AA46315-RIPE created: 2026-02-18T14:42:59Z last-modified: 2026-02-18T15:02:31Z source: RIPE # Filtered mnt-by: swissnet-mnt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 days ago · Last seen today
Appeared in 56 threat reports from 10 sources
Associated with: Hive, Play, Turla
Used by malware: Rhysida, Stealc, XMRig, Nanocore, Mirai, Vidar, NjRAT, Pegasus, Lumma, SocGholish, Remcos, Cobalt Strike, Metasploit, AsyncRAT, META Stealer, Hive, Play, Havoc, Sliver