IOC Radar
IPMediumSignal 60/100

86.54.28.101

Location
NetherlandsNetherlands
Amsterdam, North Holland
ASN
AS12989
Black HOST Ltd
First Seen
Jul 5, 2025
Last Seen
Apr 27, 2026
Jul 5
First Seen
353d ago
Apr 27
Last Seen
57d ago
12
Reports
source reports
60%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, North Holland
ASNAS12989
OrganizationBlack HOST Ltd

Feed Intelligence Summary

12 reports60% confidence
12
Source reports
60%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney activityadbhoney exploitsadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute_forcecanadaciscocisco devicecisco device targetingcisco exploit attemptscisco_exploitcnccommand and controlcommunication protocolcowriecowrie activitycowrie honeypotcowrie ssh attackscowrie_attackcredential accesscredential harvestingcredential stuffingcredential_accessdata exfiltrationdata store exposureddosddos attacksdecoy systemdevice managementdionaeadionaea activitydionaea honeypotdionaea malware collectiondistributed attacksenterprise networkingenumerationeuropeexploit attemptexploitationexploitation activityftp brute forceheralding activityhoneytrap honeypotidentity & access exploitationindicatorinitial_accessinjection activityinternet of thingsiot botnetiot securityiot/ics attacklamplamp exploit attemptslamp stack targetinglamp_exploitmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionmirai botnetnetherlandsnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnlnorth americapassword attackspassword sprayingphishingphishing attackpolcertpotential malware uploadprocess injectionransomwarereconnaissanceremote accessresearchedresource hijackingscannerscriptsentrypeer activitysentrypeer botnetservice scansftpsftp access attemptssftp attacksftp_attacksipsip brute forcesip scanningsip_attacksocial engineeringsocradar honeypotsshssh attackssh monitoringssh_bruteforcet1021t1021.001t1021.002t1021.004t1040t1041t1055t1059t1059.004t1071.001t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1589t1595t1595.001t1595.002t1595.003tannertelecommunicationstelnet scanningthreat actorthreat detectionthreat intelligencetor nodeunited kingdomunited statesvoipvoip attack

Activity Timeline

1 total obs
Apr 27Apr 27

Threat Activity Heatmap

· Peak: 2026-04-27
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
60
SIGNAL
Signal Score
60%
Confidence
12
Reports
First seenJul 5, 2025
Last seenApr 27, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS12989
OrgBlack HOST Ltd
Coords51.4964, -0.1224

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
NetRange: 86.0.0.0 - 86.255.255.255 CIDR: 86.0.0.0/8 NetName: 86-RIPE NetHandle: NET-86-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2004-04-01 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/86.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 1 month ago
Appeared in 12 threat reports