IOC Radar
IPMediumSignal 100/100

89.248.165.216

Location
The NetherlandsThe Netherlands
Amsterdam, North Holland
ASN
AS202425
Quasi Networks LTD.
First Seen
Mar 24, 2021
Last Seen
Mar 22, 2026
Mar 24
First Seen
1921d ago
Mar 22
Last Seen
96d ago
23
Reports
source reports
99%
Confidence
medium
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryNLThe Netherlands
RegionAmsterdam, North Holland
ASNAS202425
OrganizationQuasi Networks LTD.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

23 reports99% confidence
23
Source reports
99%
Confidence score
Category tags
abuseaccount discoveryack scanactive scanningapacheapache attackerbeningbening scannerbotnetbrute forcebrute force attackcommand and controlcommunication protocolconnect scancredential accesscredential stuffingdata exfiltrationdecoy systemdenial of servicedistributed attacksenumerationenumeration attempteuropeexternal scanfinfin port scanfin scanfirewall detectionfirewall detection probeftp brute forcehackinghttp brute forceids evasioninitial accessmalicious softwaremalwaremassive port scannetherlandsnetworknetwork attacksnetwork discoverynetwork enumerationnetwork mappingnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnull port scannull scanopen port detectionos detectionos fingerprintingos fingerprinting attemptpassword attackspassword crackingpossible reconnaissancepotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanprocess injectionprotocol exploitationproxyreconnaissancereconnaissance activityrecyber_project-benignremote accessremote servicesresearchedsansscannerservice detectionservice discoveryservice enumerationservice version detectionssh attackstealthstealth scansuspected malicious activitysynsyn port scansyn scansystem discoveryt1016t1018t1021t1021.001t1040t1046t1055t1059t1068t1071.001t1076t1078t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.002t1499.003t1563t1565t1589t1589.002t1595t1595.001t1595.002t1595.003targeted scantcp protocoltelnet threatthreat intelligencetsecudp port scanverified-benignversion detectionxmasxmas port scanxmas scan

Activity Timeline

1 total obs
Mar 22Mar 22

Threat Activity Heatmap

· Peak: 2026-03-22
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
23
Reports
First seenMar 24, 2021
Last seenMar 22, 2026
GeolocationNL
CountryThe Netherlands
LocationAmsterdam, North Holland
ASNAS202425
OrgQuasi Networks LTD.
Coords52.3716, 4.8883
Proxy

VirusTotal

Not checked

WHOIS

description
Port Scan 2024-09-12T22:44:03.000Z -> 89.248.165.216 scanned port 26611 on one of our servers
raw
inetnum: 89.248.165.0 - 89.248.165.255 netname: NET-2-165 descr: RECYBER PROJECT NETBLOCK remarks: +----------------------------------------------- remarks: | This net-block is not trying to hack you, we are only scanning remarks: | for LEGIT purposes ONLY. This scanning is done by multiple remarks: | security organizations. remarks: | Please use https://www.recyber.net/opt-out remarks: | to have your ip-address and/or netblock/as number white-listed remarks: | and excluded from this project. remarks: | If you have any further questions please contact [email protected] remarks: +----------------------------------------------- country: NL org: ORG-IVI1-RIPE geoloc: 52.370216 4.895168 admin-c: RR13369-RIPE abuse-c: RR13369-RIPE tech-c: RR13369-RIPE status: ASSIGNED PA mnt-by: IPV mnt-lower: IPV mnt-routes: IPV created: 2019-02-03T20:52:14Z last-modified: 2021-11-29T16:03:44Z source: RIPE organisation: ORG-IVI1-RIPE org-name: IP Volume inc country: SC org-type: OTHER address: Seychelles abuse-c: IVNO1-RIPE mnt-ref: IPV mnt-by: IPV created: 2018-05-14T11:46:50Z last-modified: 2023-09-08T14:13:20Z source: RIPE # Filtered role: RECYBER ROLE address: 35 Firs Avenue, London, England, N11 3NE abuse-mailbox: [email protected] nic-hdl: RR13369-RIPE mnt-by: IPV created: 2021-01-27T15:12:59Z last-modified: 2021-01-27T15:12:59Z source: RIPE # Filtered route: 89.248.165.0/24 origin: AS202425 remarks: +----------------------------------------------- remarks: | For abuse e-mail [email protected] remarks: | We do not always reply to abuse. remarks: | But we do take care your report is dealt with! remarks: +----------------------------------------------- mnt-by: IPV created: 2019-02-08T15:42:07Z last-modified: 2019-02-08T15:42:07Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 3 months ago
Appeared in 23 threat reports