IOC Radar
IPMediumSignal 70/100

45.9.149.201

Location
NetherlandsNetherlands
Amsterdam, NH
ASN
AS49447
Nice IT Services Group Inc.
First Seen
Oct 5, 2025
Last Seen
May 7, 2026
Oct 5
First Seen
262d ago
May 7
Last Seen
49d ago
20
Reports
source reports
70%
Confidence
medium
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

55 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, NH
ASNAS49447
OrganizationNice IT Services Group Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

20 reports70% confidence
20
Source reports
70%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningaptasiaasset discoveryattackattack activityattacker ipattacker-ipaustraliaauthentication attemptsautomated attackbad reputationbad web botblacklist ipblacklisted domainsblacklisted ip addressesblacklisted urlsblocklist_allbotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcec2 communicationcanadacloud environmentcloud infrastructurecloud infrastructure attackcloud servicescloud-infrastructurecode executioncode injectioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompromised systemscowriecowrie honeypotcowrie interactionscredential accesscredential attackcredential guessingcredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdenial of servicedigital oceandigitalocean environmentdigitalocean infrastructuredigitalocean ipdionaeadionaea honeypotdionaea interactionsdistributed attacksdnsdns attackencryptionenumerationeuropeexploitexploitation activityexploitation attemptexploited hostexternal reconnaissanceexternal threatexternal-threatfattfatt signaturesfranceftpftp brute forcehackinghoneytrap honeypothoneytrap interactionshttp probinghttp scannerhttpsicmpidentity & access exploitationimapindicatorinfected hostsinitial accessinitial access attemptinitial access vectorinjection activityinjection attacksinternet background noiseinternet exposedinternet of thingsinternet-facinginternet-facing assetsinternet-wide scanintrusion detectioniociot botnetiot securityiot/ics attackipv4ipv4 iocipv4 trafficipv4-addressesjapanlateral movementmailoney honeypotmailoney interactionsmalicious activitymalicious ipmalicious scanmalicious softwaremalicious trafficmalwaremalware analysismalware behaviourmalware capturemiraimirai botnetmssqlnetherlandsnetworknetwork activitynetwork attacksnetwork enumerationnetwork intrusion attemptsnetwork intrusion detectionnetwork port scanningnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork scanning activitynetwork securitynetwork traffic analysisnetwork-reconnaissancenlnorth americaoceaniaopenctiopportunistic attackerp0fp0f signaturespassword attacksphishingphishing attackphishing trapping of deathport-scanningportscanprocess injectionprotocol exploitationproxyproxy protocolransomwarereconnaissancereconnaissance activityremote accessremote servicesresearchedresource hijackingscanscannerscanner ipscanner ipsscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer interactionsservice probingservice scansmtpsmtp probingsmtp scanningsocial engineeringspamsshssh attackssh monitoringsuricata alertssystem accesst1005t1016t1018t1020t1021t1021.001t1021.002t1040t1041t1046t1053t1055t1059t1059.003t1059.007t1068t1071t1071.001t1071.004t1076t1077t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566.001t1566.002t1566.003t1573t1573.001t1589t1590t1590.003t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcptcp protocoltcp scanningtelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotunauthorized accessunauthorized probingunknown threat actorvoidtrapvoipvoip attackvulnerability scanvultrweb application attackweb attackweb exploitweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 7May 7

Threat Activity Heatmap

· Peak: 2026-05-07
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
70
SIGNAL
Signal Score
70%
Confidence
20
Reports
First seenOct 5, 2025
Last seenMay 7, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, NH
ASNAS49447
OrgNice IT Services Group Inc.
Coords52.3716, 4.8883
Proxy

VirusTotal

Not checked

WHOIS

raw
inetnum: 45.9.149.128 - 45.9.149.255 descr: Nice IT Customers Network netname: NiceIT-NL country: NL admin-c: KS10518-RIPE tech-c: KS10518-RIPE abuse-c: AR52139-RIPE status: ASSIGNED PA mnt-by: niceit-mnt created: 2020-02-26T17:01:48Z last-modified: 2020-09-18T16:09:59Z source: RIPE person: Kimon S. address: 28 Cork Street, Roseau, Dominica phone: +17672677987 nic-hdl: KS10518-RIPE mnt-by: niceit-mnt created: 2019-04-20T21:28:19Z last-modified: 2020-12-02T17:53:28Z source: RIPE route: 45.9.149.0/24 origin: AS49447 mnt-by: niceit-mnt created: 2019-07-04T10:42:51Z last-modified: 2019-07-04T10:42:51Z source: RIPE
references
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-21/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-19/, https://voidvendor.com/intel, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-18/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-05/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-05/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-02-27/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-02-26/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-25/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-24/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-23/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-22/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 8 months ago · Last seen 1 month ago
Appeared in 20 threat reports