IP · Medium · Signal 78/100
89.248.165.199
Location
Amsterdam, North Holland
ASN
AS202425
Quasi Networks LTD.
First Seen
Mar 11, 2021
Last Seen
Jan 27, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
78%
Signal Score
78 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Amsterdam, North Holland
ASN
AS202425
Organization
Quasi Networks LTD.
Feed Intelligence Summary
18 reports · 78% confidence
18
Source reports
78%
Confidence score
Category tags
Activity Timeline
Jan 27
Threat Activity Heatmap
Peak: 2026-01-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
High Risk
78
SIGNAL
Signal Score
78%
Confidence
18
Reports
First seen
Mar 11, 2021
Last seen
Jan 27, 2026
Geolocation
NL
Country
Netherlands
Location
Amsterdam, North Holland
ASN
AS202425
Org
Quasi Networks LTD.
Coords
52.3676, 4.9041
VirusTotal
Not checked
WHOIS
- description
- Indicators observed by T-Pot CE honeypots. Signals are deduped and filtered (min event count threshold; private IPs excluded). Indicators carry per-sensor tags (e.g., cowrie/suricata/dionaea/honeytrap). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE.
- raw
inetnum: 89.248.165.0 - 89.248.165.255
netname: NET-2-165
descr: RECYBER PROJECT NETBLOCK
remarks: +-----------------------------------------------
remarks: | This net-block is not trying to hack you, we are only scanning
remarks: | for LEGIT purposes ONLY. This scanning is done by multiple
remarks: | security organizations.
remarks: | Please use https://www.recyber.net/opt-out
remarks: | to have your ip-address and/or netblock/as number white-listed
remarks: | and excluded from this project.
remarks: | If you have any further questions please contact [email protected]
remarks: +-----------------------------------------------
country: NL
org: ORG-IVI1-RIPE
geoloc: 52.370216 4.895168
admin-c: RR13369-RIPE
abuse-c: RR13369-RIPE
tech-c: RR13369-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2019-02-03T20:52:14Z
last-modified: 2021-11-29T16:03:44Z
source: RIPE

organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2023-09-08T14:13:20Z
source: RIPE # Filtered

role: RECYBER ROLE
address: 35 Firs Avenue, London, England, N11 3NE
abuse-mailbox: [email protected]
nic-hdl: RR13369-RIPE
mnt-by: IPV
created: 2021-01-27T15:12:59Z
last-modified: 2021-01-27T15:12:59Z
source: RIPE # Filtered

route: 89.248.165.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail [email protected]
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-08T15:42:07Z
last-modified: 2019-02-08T15:42:07Z
source: RIPE
IOC Journey
Medium · First detected 5 years ago · Last seen 4 months ago
Appeared in 18 threat reports