IOC Radar
IP · Medium · Signal 77/100

89.248.165.52

Location: Netherlands (Amsterdam, North Holland)
ASN: AS202425 (Quasi Networks LTD.)
First Seen: Jan 5, 2021 (2000d ago)
Last Seen: Jan 27, 2026 (152d ago)
Reports: 20 source reports
Confidence: 77% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

54 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202425
Organization: Quasi Networks LTD.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 20
Confidence score: 77%
Category tags: abuse, access control, active scanning, application layer protocol, bening, bening scanner, blacklist candidate, botnet, brute force, brute force attack, brute force attacks, command and control, command injection, common password attacks, communication protocol, compromised credentials attempt, connect scan, credential access, credential bruteforcing, credential harvesting, credential stuffing, data encryption, data exfiltration, database attacks, database security, ddos attacks, decoy system, denial of service, dictionary attack, directory traversal, distributed attacks, europe, exploit attempts, exploit probing, fin scan, ftp, ftp brute force, hacking, http brute force, http scanner, https, indicator, initial access, injection attacks, input validation, internet of things, intrusion detection, invalid login attempts, iot botnet, iot/ics attack, lateral movement, load balancer, malware, malware detection, malware propagation attempt, mirai botnet, netherlands, network, network attacks, network enumeration, network intrusion, network intrusion attempts, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, north america, null scan, password attack, password attacks, phishing attack, possible botnet activity, possible reconnaissance, protocol exploitation, proxy, reconnaissance, recyber_project-benign, remote access, remote access attempt, remote services, researched, sans, scan, scanner, scanning activity, scripting attacks, security policy, service enumeration, service probing, smb brute force, smb scanning, smtp, social engineering, sql injection attempt, ssh attack, syn, syn scan, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1040, t1046, t1053, t1059, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1082, t1083, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1566, t1566.001, t1566.002, t1566.003, t1588, t1588.002, t1589, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, t1608, tcp protocol, tcp scanning, telnet threat, threat intelligence, threat prevention, tsec, udp port scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, united states, valid accounts, verified-benign, waf, web attack, web exploitation, web scanner, web traffic, xmas scan, xss

Activity Timeline

1 total obs, Jan 27 to Jan 27

Threat Activity Heatmap

Peak: 2026-01-27
[Heatmap: activity by day of week, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 20
First seen: Jan 5, 2021
Last seen: Jan 27, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: Quasi Networks LTD.
Coords: 52.3676, 4.9041
Proxy

VirusTotal

Not checked

WHOIS

description
HoneyNet Event: 89.248.165.52 connected: 70 times over ports: 45619, 4204, 4386 Tags: P0f, Suricata, Honeytrap,45619, 4204, 4386
raw
inetnum: 89.248.165.0 - 89.248.165.255
netname: NET-2-165
descr: RECYBER PROJECT NETBLOCK
remarks: +-----------------------------------------------
remarks: | This net-block is not trying to hack you, we are only scanning
remarks: | for LEGIT purposes ONLY. This scanning is done by multiple
remarks: | security organizations.
remarks: | Please use https://www.recyber.net/opt-out
remarks: | to have your ip-address and/or netblock/as number white-listed
remarks: | and excluded from this project.
remarks: | If you have any further questions please contact [email protected]
remarks: +-----------------------------------------------
country: NL
org: ORG-IVI1-RIPE
geoloc: 52.370216 4.895168
admin-c: RR13369-RIPE
abuse-c: RR13369-RIPE
tech-c: RR13369-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2019-02-03T20:52:14Z
last-modified: 2021-11-29T16:03:44Z
source: RIPE

organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2023-09-08T14:13:20Z
source: RIPE # Filtered

role: RECYBER ROLE
address: 35 Firs Avenue, London, England, N11 3NE
abuse-mailbox: [email protected]
nic-hdl: RR13369-RIPE
mnt-by: IPV
created: 2021-01-27T15:12:59Z
last-modified: 2021-01-27T15:12:59Z
source: RIPE # Filtered

route: 89.248.165.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail [email protected]
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-08T15:42:07Z
last-modified: 2019-02-08T15:42:07Z
source: RIPE

IOC Journey

medium
First detected 5 years ago · Last seen 5 months ago
Appeared in 20 threat reports