IOC Radar
IPMediumSignal 71/100

45.81.23.31

Location
NetherlandsNetherlands
Amsterdam, VA
ASN
AS49870
Alsycon B.V
First Seen
Oct 20, 2024
Last Seen
May 29, 2026
Oct 20
First Seen
611d ago
May 29
Last Seen
24d ago
17
Reports
source reports
71%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

53 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, VA
ASNAS49870
OrganizationAlsycon B.V

Feed Intelligence Summary

17 reports71% confidence
17
Source reports
71%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningaptattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attacksc2citrix attackcitrix exploitationcitrix exploitation attemptcitrix securitycommand & controlcommand and controlcommunication protocolcowrie activitycowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredatabase attackdatabase brute forcedatabase securitydecoy systemdictionary attackdionaea activitydionaea honeypotdistributed attacksenterprise securityeuropeexploit attemptexploitation activityftp brute forcehackinghoneytrap activityhoneytrap honeypothttp brute forcehttp probingidentity & access exploitationimap brute forceindicatorinfrastructure acquisitionreconnaissanceinjection activityintrusion detectionlamplamp attacklamp exploitlateral movementmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware scanningmanualnetherlandsnetworknetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnlnorth americapassword attacksphishingphishing attackpossible botnet activitypossible credential compromisepotential malware distributionprocess injectionprotocol exploitationreconnaissancereconnaissance activityredis honeypotremote access attemptsresearchedresource hijackingscanscannerscanning activityscripting attackssecurity policysentrypeer botnetservice enumerationservice scansftp attacksipsip exploitationsip scansip scanningsmb scanningsmtp brute forcesocial engineeringsshssh attackssh monitoringt-pott1003t1018t1021t1021.001t1021.002t1021.004t1021.006t1040t1041t1046t1053t1055t1059t1059.004t1059.007t1068t1071.001t1078t1078.002t1078.003t1078.004t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1566.001t1566.002t1566.003t1587.001t1588t1589t1590.001t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottpot ceunauthorized access attemptunited statesusvalid accountsvoipvoip attackweb application attackweb application scanningweb attackweb exploitationweb shell attempt

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
17
Reports
First seenOct 20, 2024
Last seenMay 29, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, VA
ASNAS49870
OrgAlsycon B.V
Coords39.0481, -77.4728

VirusTotal

Not checked

WHOIS

description
2024-11-16T11:04:16.020Z Honeypot : Tanner : Source: 45.81.23.31 : Port: 80 Post Data: {'response': {'message': {'detection': {'type': 1, 'version': '0.6.0', 'name': 'index', 'order': 1}, 'sess_uuid': '02c431a6-13b8-4242-aef2-cf649fb0683a'}}, 'version': '0.6.0'}
raw
inetnum: 45.81.22.0 - 45.81.23.255 netname: COMPANYTOTAL org: ORG-AB247-RIPE country: NL admin-c: BN3026-RIPE tech-c: MB48002-RIPE status: ASSIGNED PA mnt-by: mnt-hostus created: 2025-07-30T10:50:33Z last-modified: 2025-07-30T10:50:51Z source: RIPE organisation: ORG-AB247-RIPE org-name: Alsycon B.V. country: NL org-type: LIR address: Bruynvisweg 11 address: 1531 AX address: Wormer address: NETHERLANDS phone: +31224712026 abuse-c: ACRO31910-RIPE mnt-by: RIPE-NCC-HM-MNT mnt-by: Alsycon-BV mnt-ref: Alsycon-BV mnt-ref: SpectraIP mnt-ref: MNT-HOSTUS created: 2019-05-13T14:08:46Z last-modified: 2021-07-28T21:55:27Z source: RIPE # Filtered person: Bernhard Nielsen address: Bruynvisweg 11 address: 1531AX Wormer address: The Netherlands phone: +31224217222 nic-hdl: BN3026-RIPE mnt-by: BN-KYOX-NL created: 2020-07-23T11:28:27Z last-modified: 2020-07-23T11:49:44Z source: RIPE person: Maximilien Boralevi address: Bruynvisweg 11 address: 1531 AX address: Wormer address: NETHERLANDS phone: +31224712026 nic-hdl: MB48002-RIPE mnt-by: MB-KYOX-NL created: 2019-05-13T14:08:45Z last-modified: 2020-08-24T23:00:58Z source: RIPE route: 45.81.22.0/23 origin: AS49870 mnt-by: Alsycon-BV mnt-by: Alsycon-BV-mnt created: 2020-04-07T16:18:17Z last-modified: 2020-12-16T19:54:20Z source: RIPE
references
https://threatfox.abuse.ch/export/csv/recent/, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 24 days ago
Appeared in 17 threat reports