IP · Medium · Signal 73/100
89.248.167.131
Location
Amsterdam, North Holland
ASN
AS202425
IP Volume inc
First Seen
Aug 26, 2020
Last Seen
Jun 19, 2026
Found in 50 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Network Information
Country
Netherlands
Region
Amsterdam, North Holland
ASN
AS202425
Organization
IP Volume inc
IP Category
Proxy (proxy server)
Feed Intelligence Summary
50 source reports · 73% confidence score
Category tags
abuseaccessaccess attemptsaccess controlaccount compromiseaccount securityackack scanactionactive reconnaissanceactive scanactive scanningadbadbhoney activityadbhoney attacksadbhoney exploitationadbhoney honeypotadbhoney interactionsadminadministrative accessagentalertanomalous network connectionsapi servicesapplication layer protocolaptasaasiaasset discoveryattachment phishingattackattack attemptattack preparatoryattack sourceattack surface discoveryattack vectorsattacker ipattacker ip addressesattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication bypass attemptauthentication failureauthentication-attemptsautomated attackautomated attacksautomated emailautomated enumerationautomated reconnaissance activityautomated threatautomated-attackautomated_attackautomated_attacksbad reputationbad web botbankingbanner grabbing attemptbase64base64 encodingbecbeningbening scannerblacklist candidateblacklist ipblacklisted ipblock listblock.txtblocklist_allblog spambotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcebulk emailc2c2 communicationc2 servercanadachilechina mobilecins activecisco asacisco devicecisco device attackcisco device targetedcisco device targetingcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco network devicescisco targetedcisco vulnerability exploitationcisco_device_attackcisco_devicescitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securityclosecloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescloud_infrastructurecode executioncode injectioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommon 
password attackscommon vulnerabilitiescommunication protocolcommunication technologiescompany limitedcompromise attemptcompromise attemptscompromised credentialscompromised hostcompromised host activitycompromised hostscompromised system attemptcompromised systemsconfigconnectconnect scanconpotconpot activityconpot attacksconpot honeypotconpot ics attackconpot ics attacksconpot ics exploitationconpot interactionconpot interactionscontainer securitycontent deliverycowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detectioncowrie emulationcowrie honeypotcowrie honeypot datacowrie interactioncowrie interactionscowrie logscowrie sshcowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh loginscowrie ssh logscredential accesscredential access attemptcredential access attemptscredential attackcredential attackscredential brute forcecredential brute-forcingcredential bruteforcingcredential compromisecredential compromise attemptcredential guessingcredential harvestingcredential phishingcredential stuffingcredential theftcredential-accesscredential-stuffingcredential_accesscredential_access_attemptscredential_attackcredential_stuffingcredentialscredit card servicescross-site scripting attemptcsscurlcvecyber threatsdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata harvesting attemptsdata store exposuredata theftdatabase access attemptdatabase attackdatabase attacksdatabase brute forcedatabase exploit attemptsdatabase login attemptdatabase probingdatabase securitydatabase-serverdatabase_serverdcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos preparationddos probeddospotdecoy systemdenialdenial of servicedenial-of-servicedenial-of-service attemptdevice managementdictionary attackdictionary_attackdigital oceandigitalocean environmentdigitalocean infrastructuredigitalocean ipdigitalocean ipsdigitalocean platformdionaeadionaea activitydionaea attackdionaea attacksdionaea capturedionaea 
detectiondionaea exploit attemptsdionaea exploitsdionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea malware trapdionaea payloadsdirectory traversal attemptdiscovery phasedistributed attacksdnsdns attackdockerdshield blockelasticpot activityelasticpot attackselasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenterprise securityenumerationenumeration attemptet dropeu cyber policieseuropeexecutable fileexfiltrationexploitexploit activityexploit attemptexploit attemptsexploit kit activityexploit kitsexploit probingexploit public-facing applicationexploit targetingexploit: web applicationexploit_attemptexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilityexploitation_attemptexploited hostexport-to-otxexposed services exploitationexternal access attemptsexternal attackexternal network scanexternal reconnaissanceexternal scanexternal scanningexternal threatexternal-scanningexternal_threatfailed login attemptsfailed loginsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfinancefinancial servicesfinancial technologyfinlandfirewall detectionfirewall detection probefrancefraud voipftogftpftp attackftp attacksftp brute forceftp brute-forceftp scanftp scanningftp_bruteforceftp_scangalahgeckogermanygithubgluttongopotgroupshackinghellohellpotheralding activityheralding probesherolding attackshk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap activityhoneytrap datahoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp exploitationhttp probehttp probinghttp request anomalieshttp scanhttp scannerhttp scanninghttp/httpshttp/shttp_scanhttpshttps probehurricane ushydraicmpics securityidentity & access exploitationimapimpactinbound scanindicators of compromiseindustrial control 
systemsinfoinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access attemptinitial access preparationinitial access vectorinitial-accessinitial_accessinitial_access_attemptinjection activityinjection attacksintel macinternet background noiseinternet exposedinternet facing assetinternet facing assetsinternet facing systemsinternet of thingsinternet scaninternet wide scaninternet-facinginternet-facing assetsinternet-facing serviceinternet-facing systemsinternet-wide monitoringinternet-wide observationinternet-wide scaninternet_scannersinternet_wide_scanintrusion detectioninvalid login attemptsiocioc.ipiocsiot botnetiot device targetingiot exploit attemptsiot securityiot targetediot/ics attackiot_attackip-address-iocip-addressesipphoney activityipphoney dataipphoney honeypotipv4ipv4 activityipv4 addressesipv4 indicatorsipv4 iocipv4 port scanningipv4 scanningipv4 threatsipv4_addressipv4_indicatorsipv4_scanningjapankfsensor honeypotkhtmlkibanakill-chain exploitationkill-chain reconnaissanceknown malicious iplamplamp attacklamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server probelamp server targetedlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp_stack_attacklatamlateral movementlateral movement techniqueslateral_movementlcialinuxlinux malwarelinux malware probelinux serverslinux systemslinux systems targetedlinux x8664linux-server-attacklinux-server-attackslinux-systemlinux_server_attackslinux_serverslisted sourcelog analysislog4potloginlogin attacklogin attemptlogin attemptslogin_attemptlondonlow-riskmailoney activitymailoney capturemailoney detectionmailoney email spoofingmailoney eventsmailoney honeypotmailoney 
interactionsmailoney trafficmalaysiamalicious activitymalicious activity detectedmalicious code detectionmalicious code injectionmalicious emailmalicious email detectionmalicious emailsmalicious file transfermalicious file uploadsmalicious infrastructuremalicious ipmalicious ip activitymalicious ip addressesmalicious ip detectedmalicious ip listmalicious ipsmalicious ipv4malicious login attemptsmalicious network activitymalicious payloadmalicious payload detectionmalicious scanmalicious softwaremalicious trafficmalicious-activitymalicious-ipmalicious-login-attemptsmalicious-scanmalicious_activitymalwaremalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware delivery attemptsmalware detectionmalware distributionmalware downloadmalware download attemptsmalware hostingmalware landingmalware propagationmalware_activitymalware_detectionmanualmass scanningmass scanning activitymasscanmassive port scanmedpotmelbourne regionmicrosoft technologiesmiraimirai botnetmispmobilemobile carriersmobile networksmobile securitymonthlymssqlmssql brute forcemysql brute forcenetherlandsnetworknetwork activitynetwork attacksnetwork device exploitationnetwork devicesnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service exploitationnetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-devicenetwork-reconnaissancenetwork-servicenetwork_activitynetwork_enumerationnetwork_intrusionnetwork_probingnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnlnmapnmap scannorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen proxyopenctiopenporsts_com-benignoperating 
systemoperating system securityopportunistic attackopportunistic attackeros credential dumpingos fingerprintingos fingerprinting attemptos xosintp0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespasswordpassword attackpassword attackspassword crackingpassword sprayingpassword theftpassword-guessingpassword_attackpayment fraudpayment processingperimeter devicesperimeter securitypgp signphishingphishing attackphishing campaignphishing trapphp exploitphp injection attemptspingping of deathpolandpoor reputationportport-scanningportscanpossible botnet activitypossible credential reusepossible credential stuffingpossible exploit attemptpossible exploit attemptspossible malware deliverypossible malware distributionpossible malware dropperpossible malware payloadpossible malware propagationpossible mirai variantpossible reconnaissancepossible vulnerability scanningpotential botnetpotential botnet activitypotential compromisepotential credential compromisepotential credential stuffingpotential exploit activitypotential exploit attemptpotential exploit attemptspotential intrusionpotential intrusion attemptpotential malicious activitypotential malware deliverypotential malware deploymentpotential malware distributionpotential malware uploadpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential vulnerability scanningprice requestprice request scamprivilege escalationprobing activityprocess injectionprotoprotocol exploitationprotocol-abuseproxyproxy accessproxy protocolpublic cloudpublic cloud targetingpythonransomwareransomware activityrcerdprdp attacksrdp scanrdp scanningrdp_scanreconnaissancereconnaissance activityredisredis exploitationredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredis honeypot attacksredishoneypotredishoneypot activityregional securityremote accessremote access attacksremote access 
attemptsremote service exploitationremote servicesremote_access_serviceresearchresearchedresource exhaustionresource hijackingrpcrtbhsansscada exploitation attemptsscams & fraudscanscannerscanner detectionscanner ipscanner ipsscannersscanning activityschedule themescheduled task abusescriptscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer attacksentrypeer attackssentrypeer botnetsentrypeer connectionssentrypeer datasentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer p2p attackserverserver exploitationserver securityserviceservice detectionservice discoveryservice disruptionservice enumerationservice exploitationservice probingservice scanservice scanningservice version detectionservice-discoveryservice_enumerationsftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitationsftp exploitation attemptsftp intrusion attemptsftp intrusion attemptssftp probingsftp scanningsftp traffic analysissftp-attacksftp_attackshellshell accessshell access attemptsshodan_io-benignsingaporesipsip attackssip brute forcesip enumerationsip heraldingsip scansip scanningsip vulnerability exploitationsip vulnerability scansip vulnerability scanningsip_attacksippskypeslugsmb brute forcesmb exploitationsmtpsmtp attackersmtp attackssmtp brute forcesmtp probesmtp probingsmtp scansmtp scanningsmtp traffic analysissmtp_attacksnaresocial engineeringsoftware exploitationspamsql injectionsql injection attemptsql injection attemptssql serversql-injectionsshssh attackssh attacksssh bruteforcessh monitoringssh scanssh scanningssh-brutessh-brute-forcessh_bruteforcessh_scanstealthstealth scansurface websuricata alertsuricata alertssweep scansynsyn port scansyn scansyn_scansystem discoverysystem 
reconnaissancet-pott1003t1003.001t1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1056.001t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1069.001t1071t1071.001t1071.004t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1192t1195t1199t1203t1204t1204.002t1205t1205 traffict1210t1213t1486t1496t1498t1498 networkt1498.001t1498.002t1499t1499 endpointt1499.001t1499.002t1499.003t1505t1505.002t1505.004t1550t1550.002t1550.003t1552.001t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1583.001t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003t1598t1598.003ta0001 initialta0005 defenseta0040 impacttannertanner activitytanner attackstanner eventstanner exploit attemptstanner exploit kittanner honeypot activitytanner incidenttanner interactionstanner web attacktargeting databasetariff server compromisetariff server themetariffs servertcptcp port scanningtcp protocoltcp scantcp scanningtcp-scantcp-scanningtcp/iptelecom servicestelecommunicationstelnettelnet attackstelnet attemptstelnet scantelnet scanningtelnet threattelnet-brute-forcethreat actorthreat actor activitythreat actor: unknownthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat-intel-feedthreat_actor_unknownthreat_discoverythreat_intelligencetimeouttokyotop10.txttopips.txttor nodetorontotpottpotcetsecttpsubuntuudp port scanudp port scanningudp scanudp-scanudp-scanningunattributed activityunattributed threat actorunauthenticated access attemptsunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized loginunauthorized login attemptunauthorized 
probingunauthorized-access-attemptunauthorized_access_attemptunidentified threat actorunited kingdomunited statesunknown actorunknown threat actorunusual network trafficus abuseus based attackus ip addressus noneus sourcevalid accountsverified-benignvnc protocolvoidtrapvoipvoip attackvoip systemsvulnerability scanvultrvultr cloud infrastructurevultr infrastructurevultr infrastructure targetedvultr ip addressvultr platformvultr tokyoweak credentialswealth managementweb apisweb app attackweb application attackweb application attacksweb application probingweb application scanningweb applicationsweb attackweb attacksweb crawling detectionweb developmentweb exploit attemptsweb exploitationweb exploitsweb hostingweb infrastructureweb login attemptweb scannerweb serversweb service scanningweb servicesweb shellweb shell attemptweb shell detectionweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-attackweb-serverweb_attackweb_attacksweb_serverwetransfer abusewgetwinwindowswindows malwarewindows ntwordpotxmasxmas port scanxmas scanxmas_scan
Activity Timeline
Jun 19
Threat Activity Heatmap · Peak: 2026-06-19
Sightings by trailing window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
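The window counts above are the only recency data the page gives, and with one sighting in 90 days they matter more than the headline score. The following is an added example (not code from the indicator page or from any of the feeds it cites) that recomputes the 24h / 7d / 30d / 3mo counts from a constructed report log mirroring the page (first report 2020-08-26, latest 2026-06-19, evaluated seven days later) and gates a blocking decision on recency plus feed confidence. The band labels beyond Dormant and Minimal, and the thresholds in recommend_action(), are this example's own assumptions, not the feed's scoring policy.

```python
"""Added example: recompute sighting windows and gate action on recency.

Not part of the indicator page or any feed's code.  REPORT_LINES is a
constructed log; the thresholds below are illustrative assumptions.
"""
from datetime import datetime, timedelta, timezone

# Constructed report log: "<timestamp> <source> <indicator>", one line per report.
# The last line is a different indicator, to show filtering; the duplicated
# dshield line shows that a re-published report must not count twice.
REPORT_LINES = """\
2020-08-26T04:12:00Z dshield-block 89.248.167.131
2023-11-02T19:45:30Z tpot-cowrie 89.248.167.131
2026-06-19T08:02:11Z dshield-topips 89.248.167.131
2026-06-19T08:02:11Z dshield-topips 89.248.167.131
2026-06-25T22:10:00Z tpot-cowrie 203.0.113.9
"""

WINDOWS = (("24h", timedelta(hours=24)), ("7d", timedelta(days=7)),
           ("30d", timedelta(days=30)), ("3mo", timedelta(days=90)))


def utc(*args):
    """Build a timezone-aware UTC datetime from (year, month, day[, hour...])."""
    return datetime(*args, tzinfo=timezone.utc)


def parse_reports(text, indicator):
    """Return sorted, de-duplicated sighting times for one indicator.
    Duplicates are collapsed on (timestamp, source)."""
    seen = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != indicator:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        seen.add((ts, parts[1]))
    return sorted(ts for ts, _ in seen)


def window_counts(sightings, now):
    """Count sightings inside each trailing window that ends at `now`."""
    return {name: sum(1 for s in sightings if now - span <= s <= now)
            for name, span in WINDOWS}


def activity_label(count):
    """0 and 1 match the page's labels; the higher bands are assumed."""
    if count == 0:
        return "Dormant"
    if count <= 2:
        return "Minimal"
    if count <= 10:
        return "Moderate"
    return "Active"


def recommend_action(sightings, now, confidence, min_confidence=70):
    """Assumed policy: block only a confident indicator seen in the last 7
    days; anything seen in the last 90 days goes on a watchlist; otherwise
    ignore.  A single sighting years ago never drives a firewall rule."""
    if not sightings:
        return "ignore"
    counts = window_counts(sightings, now)
    if confidence >= min_confidence and counts["7d"] > 0:
        return "block"
    if counts["3mo"] > 0:
        return "watchlist"
    return "ignore"


if __name__ == "__main__":
    now = utc(2026, 6, 26, 12, 0)          # seven days after the last report
    sightings = parse_reports(REPORT_LINES, "89.248.167.131")
    for name, n in window_counts(sightings, now).items():
        print(f"{name}: {n} ({activity_label(n)})")
    print("action:", recommend_action(sightings, now, confidence=73))
```

Run against the page's numbers the indicator lands on the watchlist rather than a block rule: the score is above threshold but the 7-day window is empty, which is exactly the case the page's "verify before acting" note is warning about.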
Threat Score: 73 (High Risk)
Signal Score: 73
Confidence: 73%
Reports: 50
First seen: Aug 26, 2020
Last seen: Jun 19, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: IP Volume inc
Coords: 51.4964, -0.1224 (these coordinates lie in central London, not Amsterdam; the RIPE inetnum geoloc in the WHOIS record, 52.370216 4.895168, is Amsterdam, and the feed description names a London honeypot, so the coordinate field conflicts with the stated location and should not be relied on)
Category: Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:
  inetnum:        89.248.167.0 - 89.248.167.255
  netname:        NET-2-167
  descr:          IPV NETBLOCK
  country:        NL
  geoloc:         52.370216 4.895168
  org:            ORG-IVI1-RIPE
  admin-c:        IVI24-RIPE
  tech-c:         IVI24-RIPE
  status:         ASSIGNED PA
  mnt-by:         IPV
  mnt-lower:      IPV
  mnt-routes:     IPV
  created:        2008-03-17T10:26:22Z
  last-modified:  2019-02-03T20:53:46Z
  source:         RIPE

  organisation:   ORG-IVI1-RIPE
  org-name:       IP Volume inc
  country:        SC
  org-type:       OTHER
  address:        Seychelles
  abuse-c:        IVNO1-RIPE
  mnt-ref:        IPV
  mnt-by:         IPV
  created:        2018-05-14T11:46:50Z
  last-modified:  2023-09-08T14:13:20Z
  source:         RIPE # Filtered

  role:           IPV
  address:        BZ
  nic-hdl:        IVI24-RIPE
  mnt-by:         IPV
  created:        2018-05-16T13:28:41Z
  last-modified:  2023-09-08T14:14:36Z
  source:         RIPE # Filtered

  route:          89.248.167.0/24
  origin:         AS202425
  remarks:        +-----------------------------------------------
  remarks:        | For abuse e-mail [email protected]
  remarks:        | We do not always reply to abuse.
  remarks:        | But we do take care your report is dealt with!
  remarks:        +-----------------------------------------------
  mnt-by:         IPV
  created:        2019-02-08T15:42:24Z
  last-modified:  2019-02-08T15:42:24Z
  source:         RIPE
- references:
  https://github.com/telekom-security/tpotce
  https://feeds.dshield.org/feeds/topips.txt
  https://feeds.dshield.org/feeds/top10.txt
  https://feeds.dshield.org/feeds/block.txt
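The WHOIS record is the one part of this page that can be checked mechanically: the inetnum and route objects say which range and origin AS the address belongs to, and the inetnum geoloc gives an independent coordinate to compare against the page's own. The following is an added example (not code from the indicator page, the RIPE database or any feed) that parses RIPE-style WHOIS text into objects, confirms the indicator falls inside the published inetnum and route, flags a geoloc disagreement, and emits a minimal STIX 2.1 Indicator for the IP with the standard library only. WHOIS_TEXT is a constructed, trimmed copy of the raw block above; the STIX id is a freshly generated UUID, not the page's exported bundle, and the labels and description wording are this example's own.

```python
"""Added example: RIPE WHOIS parsing, containment check, geoloc sanity
check and STIX 2.1 Indicator emission for an IPv4 IOC.

Not part of the indicator page or the RIPE database; WHOIS_TEXT is a
constructed excerpt of the page's raw record.
"""
import ipaddress
import json
import math
import re
import uuid
from datetime import datetime, timezone

# Constructed: trimmed copy of the page's raw WHOIS block, one attribute per line.
WHOIS_TEXT = """\
inetnum: 89.248.167.0 - 89.248.167.255
netname: NET-2-167
descr: IPV NETBLOCK
country: NL
geoloc: 52.370216 4.895168
org: ORG-IVI1-RIPE
status: ASSIGNED PA
source: RIPE
organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
abuse-c: IVNO1-RIPE
source: RIPE # Filtered
route: 89.248.167.0/24
origin: AS202425
source: RIPE
"""


def parse_whois(text):
    """Split WHOIS text into objects.  Each RIPE object ends with its
    'source:' attribute and its first attribute names the class
    (inetnum, organisation, route, ...).  Repeated attributes become lists."""
    objects, current = [], {}
    for line in text.splitlines():
        m = re.match(r"^([\w-]+):\s*(.*)$", line.strip())
        if not m:
            continue
        key, value = m.groups()
        if not current:
            current["_class"] = key
        current.setdefault(key, []).append(value)
        if key == "source":
            objects.append(current)
            current = {}
    if current:  # tolerate a trailing object with no source: line
        objects.append(current)
    return objects


def covering_objects(objects, ip):
    """Return the inetnum and route objects whose range or prefix contains ip."""
    addr = ipaddress.ip_address(ip)
    found = {}
    for obj in objects:
        if obj["_class"] == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip())
                      for p in obj["inetnum"][0].split("-"))
            if lo <= addr <= hi:
                found["inetnum"] = obj
        elif obj["_class"] == "route":
            if addr in ipaddress.ip_network(obj["route"][0], strict=False):
                found["route"] = obj
    return found


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def geoloc_mismatch(inetnum_obj, page_coords, tolerance_km=100.0):
    """True when the page's coordinates sit farther than tolerance_km from the
    inetnum geoloc: a cheap sanity check on enrichment data."""
    lat, lon = (float(x) for x in inetnum_obj["geoloc"][0].split())
    return distance_km(lat, lon, *page_coords) > tolerance_km


def stix_indicator(ip, first_seen, last_seen, confidence, route_obj=None):
    """Minimal STIX 2.1 Indicator SDO as a dict.  STIX confidence is 0-100,
    so the page's percentage maps directly.  valid_until is left unset: the
    last-seen date is recorded in the description, not used as an expiry."""
    now = datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")
    desc = f"Honeypot-reported scanner IP; first seen {first_seen}, last seen {last_seen}"
    if route_obj:
        desc += f"; announced as {route_obj['route'][0]} by {route_obj['origin'][0]}"
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Scanner IP {ip}",
        "description": desc,
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix",
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "valid_from": first_seen,
        "confidence": int(confidence),
        "labels": ["scanner", "honeypot-sighting"],
    }


if __name__ == "__main__":
    objs = parse_whois(WHOIS_TEXT)
    cov = covering_objects(objs, "89.248.167.131")
    print("geoloc mismatch vs page coords:", geoloc_mismatch(cov["inetnum"], (51.4964, -0.1224)))
    print(json.dumps(stix_indicator("89.248.167.131", "2020-08-26T00:00:00Z",
                                    "2026-06-19T00:00:00Z", 73, cov["route"]), indent=2))
```

The geoloc check reports a mismatch for this page (the inetnum geoloc is Amsterdam, the page's coordinates are central London, roughly 360 km apart), which is the kind of enrichment error worth catching before the coordinates end up in a map or a report.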
IOC Journey
Confidence: medium · First detected 5 years ago (Aug 26, 2020) · Last seen 7 days ago (Jun 19, 2026) · Appeared in 50 threat reports