IOC Radar
IP · Medium · Signal 58/100

89.248.163.200

Location
Netherlands
Amsterdam, Noord-Holland
ASN
AS202425
Quasi Networks LTD
First Seen
Sep 21, 2022 (1372d ago)
Last Seen
Jun 19, 2026 (5d ago)
Reports
28 source reports
Confidence
58% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

114 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, Noord-Holland
ASN: AS202425
Organization: Quasi Networks LTD

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 28
Confidence score: 58%

Activity Timeline

1 total obs (Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 28
First seen: Sep 21, 2022
Last seen: Jun 19, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, Noord-Holland
ASN: AS202425
Org: Quasi Networks LTD
Coords: 51.4964, -0.1224
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 89.248.163.128 - 89.248.163.255
netname: NET-3-163
descr: RECYBER PROJECT NETBLOCK
remarks: +-----------------------------------------------
remarks: | This net-block is not trying to hack you, we are only scanning
remarks: | for LEGIT purposes ONLY. This scanning is done by multiple
remarks: | security organizations.
remarks: | Please use https://www.recyber.net/opt-out
remarks: | to have your ip-address and/or netblock/as number white-listed
remarks: | and excluded from this project.
remarks: | If you have any further questions please contact [email protected]
remarks: +-----------------------------------------------
country: NL
org: ORG-IVI1-RIPE
geoloc: 52.370216 4.895168
admin-c: RR13369-RIPE
abuse-c: RR13369-RIPE
tech-c: RR13369-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2021-11-29T15:59:06Z
last-modified: 2021-11-29T16:03:33Z
source: RIPE

organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2023-09-08T14:13:20Z
source: RIPE # Filtered

role: RECYBER ROLE
address: 35 Firs Avenue, London, England, N11 3NE
abuse-mailbox: [email protected]
nic-hdl: RR13369-RIPE
mnt-by: IPV
created: 2021-01-27T15:12:59Z
last-modified: 2021-01-27T15:12:59Z
source: RIPE # Filtered

route: 89.248.163.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail [email protected]
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-08T15:41:19Z
last-modified: 2019-02-08T15:41:19Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net


IOC Journey

medium
First detected 3 years ago · Last seen 5 days ago
Appeared in 28 threat reports