IOC Radar
IP · Medium · Signal 83/100

89.42.231.179

Location: Netherlands (Amsterdam, Noord-Holland)
ASN: AS206264 (Amarutu Technology Ltd)
First Seen: Jun 10, 2025 (379d ago)
Last Seen: May 30, 2026 (25d ago)
Reports: 20 source reports
Confidence: 83% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 83%
Signal Score: 83 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, Noord-Holland
ASN: AS206264
Organization: Amarutu Technology Ltd

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

20 reports · 83% confidence
Source reports: 20
Confidence score: 83%
Category tags

Activity Timeline

1 total obs
May 30

Threat Activity Heatmap

Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 83
Confidence: 83%
Reports: 20
First seen: Jun 10, 2025
Last seen: May 30, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, Noord-Holland
ASN: AS206264
Org: Amarutu Technology Ltd
Coords: 52.3785, 4.9000
Proxy · VPN

VirusTotal

Not checked

IOC Journey

medium
First detected 1 year ago · Last seen 25 days ago
Appeared in 20 threat reports