IPMediumSignal 92/100
5.61.209.33
Location
NetherlandsAmsterdam, North Holland
ASN
AS206264
Amarutu Technology Ltd. Network
First Seen
Jan 25, 2026
Last Seen
Jun 8, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryNetherlands
NetherlandsRegionAmsterdam, North Holland
ASNAS206264
OrganizationAmarutu Technology Ltd. Network
Feed Intelligence Summary
20 reports92% confidence
20
Source reports
92%
Confidence score
Category tags
abuseactive scanalienvault_ransomwareangelapacheaptattacker ipbad reputationbad web botblog spambotnetbotnet activitybrute forcebrute force attackerbrute-forcebruteforceconsumer goodscowrieddosddos attackdigital oceandionaeadownldreducationengineeringeseuropeexploitexploitation activityexploited hostexploitsfattftp brute-forcegalahhackinghttpinbound scanindia educationindicatorinjection activityiot securityiot targetedlegalmalicious ipmediameshmiraimonthlynetherlandsnetworknjwxinlp0fphishingping of deathpinkportscanransomwareresearchresearchedretail tradescanscannerscannerssensor-taggedservice scanseychellesskypesocradar honeypotspainspamsql injectionsshssh-brutet1595tannertargeting databasetcptelnetthreat actortpotvulnerability scanvulnerability-exploitationvultrwannawannacryweb app attackweb spam
Activity Timeline
Jun 8Jun 8
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
20
Reports
First seenJan 25, 2026
Last seenJun 8, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS206264
OrgAmarutu Technology Ltd. Network
Coords40.4172, -3.6840
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 5.61.209.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).
- raw
- inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr: The whole IPv4 address space country: EU # Country is really world wide org: ORG-IANA1-AFRINIC admin-c: IANA1-AFRINIC tech-c: IANA1-AFRINIC status: ALLOCATED UNSPECIFIED remarks: The country is really worldwide. remarks: This address space is assigned at various other places in remarks: the world and might therefore not be in the RIPE database. remarks: data has been transferred from RIPE Whois Database 20050221 mnt-by: AFRINIC-HM-MNT mnt-lower: AFRINIC-HM-MNT source: AFRINIC # Filtered parent: 0.0.0.0 - 255.255.255.255 organisation: ORG-IANA1-AFRINIC org-name: Internet Assigned Numbers Authority org-type: IANA country: EU # Country is really worldwide address: see http://www.iana.org remarks: The IANA allocates IP addresses and AS number blocks to RIRs remarks: see http://www.iana.org/ipaddress/ip-addresses.htm remarks: and http://www.iana.org/assignments/as-numbers admin-c: IANA1-AFRINIC tech-c: IANA1-AFRINIC mnt-ref: AFRINIC-HM-MNT mnt-by: AFRINIC-HM-MNT remarks: data has been transferred from RIPE Whois Database 20050221 source: AFRINIC # Filtered role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: TEAM-AFRINIC tech-c: TEAM-AFRINIC nic-hdl: IANA1-AFRINIC remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. remarks: data has been transferred from RIPE Whois Database 20050221 mnt-by: AFRINIC-DB-MNT source: AFRINIC # Filtered
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 6 days ago
Appeared in 20 threat reports