IOC Radar
IP · Medium · Signal 88/100

85.11.167.220

Location
Netherlands
Sofia, 22
ASN
AS213438
Speedy
First Seen
Apr 15, 2026 (59d ago)
Last Seen
Jun 3, 2026 (11d ago)
19
Reports
source reports
88%
Confidence
medium
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
88%
Signal Score
88 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

2 techniques

Network Information

Country: NL (Netherlands)
Region: Sofia, 22
ASN: AS213438
Organization: Speedy

Feed Intelligence Summary

Source reports: 19
Confidence score: 88%
Category tags
abuse, active scan, apache, apache attacker, apt, attack, bad reputation, bad web bot, bg, botnet activity, brute force, brute force attacker, brute-force, bruteforce, bulgaria, cert, cowrie, ddos, ddos attack, digital ocean, europe, europe/asia, exploitation activity, exploited host, ftp brute-force, hacking, indicator, kill-chain exploitation, kill-chain reconnaissance, low-risk, netherlands, network, nl, opencanary, osint, phishing, portscan, project_gifted1, ransomware, raspberry-pi, researched, scanner, scanners, self-signed, service scan, socradar honeypot, ssh, ssh attack, t1110.001, t1595.001, threat actor, turkey, vultr, web app attack, worker_strike

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

Peak: 2026-06-03
[Heatmap: daily activity by weekday, Jun through Jun]
Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 88
Confidence: 88%
Reports: 19
First seen: Apr 15, 2026
Last seen: Jun 3, 2026
Geolocation: NL
Country: Netherlands
Location: Sofia, 22
ASN: AS213438
Org: Speedy
Coords: 42.6951, 23.3250

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 85.11.167.0 - 85.11.167.255
netname: speedy
country: NL
admin-c: KT3119-RIPE
tech-c: SS30179-RIPE
status: SUB-ALLOCATED PA
created: 2026-03-04T15:56:56Z
last-modified: 2026-03-04T15:56:56Z
source: RIPE
mnt-by: bg-sofcompany-1-mnt

person: Krasimir Tzvetanov
address: 80 Okolovrasten pat Street
address: 1415
address: Sofia
address: BULGARIA
phone: +359899906424
nic-hdl: KT3119-RIPE
mnt-by: bg-sofcompany-1-mnt
created: 2016-08-22T07:07:28Z
last-modified: 2016-08-22T07:07:29Z
source: RIPE

person: Svetoslav Stoykov
address: 80 Okolovrasten pat Street
address: 1415
address: Sofia
address: BULGARIA
phone: +359899906424
nic-hdl: SS30179-RIPE
mnt-by: bg-sofcompany-1-mnt
created: 2016-08-22T07:07:28Z
last-modified: 2016-08-22T07:07:29Z
source: RIPE

route: 85.11.167.0/24
origin: AS213438
mnt-by: bg-sofcompany-1-mnt
created: 2025-10-28T08:34:06Z
last-modified: 2025-10-28T08:34:06Z
source: RIPE
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au

IOC Journey

medium
First detected 1 month ago · Last seen 11 days ago
Appeared in 19 threat reports