IPMediumSignal 55/100
51.15.115.141
Location
NetherlandsHaarlem, Noord-Holland
ASN
AS12876
SCALEWAY
First Seen
Jul 25, 2024
Last Seen
Jun 12, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryNetherlands
NetherlandsRegionHaarlem, Noord-Holland
ASNAS12876
OrganizationSCALEWAY
IP Category
⟲
Proxy
Proxy server
⊕
VPN
VPN exit node
Feed Intelligence Summary
17 reports55% confidence
17
Source reports
55%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningadbhoney honeypotanomalous network connectionsantispamaptasiaattackaustraliaauthentication attacksautomated-attackbad reputationbad web botblock listblock.txtblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebrute_forcebruteforcec2c2 communicationcanadachina mobilecloud infrastructurecloud infrastructure attackcloud servicescloud_infrastructurecode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompany limitedcompromised hostcompromised systemsconpot honeypotcontainer securitycowriecowrie honeypotcowrie interactionscowrie ssh attackcredential accesscredential attackcredential harvestingcredential stuffingcredential-bruteforcingcurldaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredatabase attackdatabase login attemptdatabase securitydcerpcddosddos attackddospotdecoy systemdenial of servicedenial-of-service attemptdigital oceandionaeadionaea honeypotdionaea interactionsdionaea payloadsdistributed attacksdnsdns attackdockerelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenumerationeuropeexecutable fileexfiltrationexploitexploit targetingexploitation activityexploitation attemptexploitation attemptsexploited hostexternal threatextortionfattfatt detectionsfatt signaturesfinlandfranceftpftp brute forceftp scangalahgermanygluttongopothackinghellpothk abusehandlerhoneynet connecthoneytrap activityhoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scanhttp scannerhttp scanninghttpshurricane usics securityidentity & access exploitationimapindustrial control systemsinitial accessinjection activityinjection attacksinternet-wide scanintrusion detectioniociot securityiot targetediot/ics attackip-addressesipphoney honeypotipv4ipv4 addresseskibanalateral movementlog4jlog4potlogin attemptmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious ip activitymalicious ip addressesmalicious network activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmalware downloadmedpotmssqlnetherlandsnetworknetwork attacksnetwork discoverynetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork traffic analysisnetwork-reconnaissancenetwork_reconnaissancenlnorth americaoceaniaopenctiopportunistic-attackp0fp0f os fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpgp signphishingphishing attackphishing trapping of deathpolandportscanpossible botnet activitypossible malware distributionprocess injectionprotocol exploitationproxyproxy accessransomwarerdp scanreconnaissancereconnaissance activityredis honeypotremote accessremote access attackremote servicesresearchedresource hijackingscannerscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice scanshell accessshell access attemptsippsmtpsmtp attacksmtp brute forcesmtp probingsmtp scansmtp scanningsnaresocial engineeringsoftware exploitationspamsql injectionsshssh attackssh monitoringssh scansuricata alertsuricata alertssyn_scansystem disruptiont-pott1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1490t1496t1499.001t1499.002t1499.003t1505.002t1550t1550.002t1550.003t1563t1565t1566t1566.001t1566.002t1566.003t1588t1588.002t1588.006t1590t1590.002t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner eventstanner interactionstargeting databasetcp protocoltcp scantelecommunicationstelnet scantelnet threatthreat actorthreat actor activitythreat actor: unknownthreat detectionthreat feedthreat intelligencethreat preventiontimeouttop10.txttopips.txttor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized login attemptunauthorized_access_attemptunited kingdomunited statesunknown actorus abuseus nonevnc protocolvoipvoip attackvpnvpn ipvulnerability scanvultrweb app attackweb application attackweb attackweb exploitationweb login attemptweb shellweb shell uploadweb spamweb trafficwgetwordpotxmas_scan
Activity Timeline
Jun 12Jun 12
Threat Activity Heatmap
· Peak: 2026-06-12LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
55
SIGNAL
Signal Score
55%
Confidence
17
Reports
First seenJul 25, 2024
Last seenJun 12, 2026
GeolocationNL
CountryNetherlands
LocationHaarlem, Noord-Holland
ASNAS12876
OrgSCALEWAY
Coords48.8714, 2.3214
ProxyVPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw
- inetnum: 51.15.0.0 - 51.15.127.255 netname: SCALEWAY-AMS descr: Scaleway - Amsterdam, Netherlands status: LEGACY remarks: Abuse reports : https://abuse.online.net/ country: NL org: ORG-ONLI1-RIPE admin-c: TTFR1-RIPE tech-c: TTFR1-RIPE mnt-by: ONLINE-NET-MNT created: 2019-05-06T11:54:05Z last-modified: 2022-05-04T17:24:57Z source: RIPE organisation: ORG-ONLI1-RIPE mnt-ref: MNT-TISCALIFR-B2B org-name: Scaleway org-type: OTHER address: 8 rue de la ville l'eveque 75008 PARIS abuse-c: AR32851-RIPE mnt-ref: ONLINE-NET-MNT mnt-by: ONLINE-NET-MNT created: 2015-07-10T15:20:41Z last-modified: 2022-05-03T15:39:01Z source: RIPE # Filtered role: SCALEWAY remarks: known as Online S.A.S. / Iliad-Entreprises address: 8 rue de la ville l'�v�que address: 75008 Paris address: France abuse-mailbox: [email protected] admin-c: IENT-RIPE tech-c: IENT-RIPE nic-hdl: TTFR1-RIPE mnt-by: MNT-TISCALIFR mnt-by: ONLINE-NET-MNT created: 2002-09-24T14:16:42Z last-modified: 2024-07-04T08:07:45Z source: RIPE # Filtered route: 51.15.0.0/17 descr: SCALEWAY descr: Amsterdam, Netherlands origin: AS12876 mnt-by: MNT-TISCALIFR mnt-by: ONLINE-NET-MNT created: 2019-10-03T15:11:06Z last-modified: 2022-05-03T10:05:58Z source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 13 days ago
Appeared in 17 threat reports