IP · Medium · Signal 33/100
92.118.39.209
Location
Amsterdam, TX
ASN
AS47890
Pptechnology Limited
First Seen
Jun 1, 2024
Last Seen
Jun 18, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
33%
Signal Score
33 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Amsterdam, TX
ASN
AS47890
Organization
Pptechnology Limited
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
28 reports · 33% confidence
28
Source reports
33%
Confidence score
Category tags
abuse, access control, active scan, active scanning, apache, apache attacker, application layer protocol, apt, attack, authentication bypass, auto-generated security, bad reputation, bad web bot, blacklist candidate, blacklist ip, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute-force, bruteforce, c2 communication, civil services, command & control, command and control, communication protocol, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attack preparation, ddos attacks, decoy system, denial of service, distributed attacks, dmzhost, dns, dns attack, dovecot, encryption, europe, exploit, exploitation, exploitation activity, exploited host, ftp, government technology, hacking, http scanner, https, identity & access exploitation, imap, imap attack, indicator, information technology, infrastructure acquisitionreconnaissance, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack, irc, it infrastructure, lateral movement, mailcow, malicious activity, malicious ip, malicious scan, malicious software, malware, malware distribution, manual, mirai, mirai botnet, netherlands, network, network attacks, network intrusion, network reconnaissance, network scanning, network security, network service scanning, nl, north america, opencti, password attack, password attacks, phishing, phishing attack, process injection, protocol exploitation, proxy, proxy protocol, public administration, public infrastructure, public policy, reconnaissance, reconnaissance activity, regulatory agencies, remote access, remote system discovery, researched, ro, romania, saas, scan, scanner, security policy, service probing, service scan, sip, smtp, smtp attacker, social engineering, software development, spam, ssh, ssh attack, ssl, system discovery, t1016, t1018, t1021, t1040, t1046, t1053, t1055, t1059, t1059.003, t1071, t1071.001, t1078, t1078.001, t1078.002, t1078.003, t1083, t1110, t1110 credential access, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1589, t1590.001, t1592, t1595, t1595 active scanning, t1595.001, t1595.002, t1595.003, tcp, tcp protocol, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention, tor node, tpot, united states, voip, vpn, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web exploitation, web spam, web traffic
Activity Timeline
Jun 18
Threat Activity Heatmap · Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 33
Confidence: 33%
Reports: 28
First seen: Jun 1, 2024
Last seen: Jun 18, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, TX
ASN: AS47890
Org: Pptechnology Limited
Coords: 32.7797, -96.8022
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- Brute-force source · part of 20-IP coordinated attack
- raw
- inetnum: 92.118.39.0 - 92.118.39.255
  org: ORG-DL591-RIPE
  netname: DMZHOST
  descr: https://dmzhost.co
  country: NL
  admin-c: ACRO57756-RIPE
  tech-c: ACRO57756-RIPE
  status: ASSIGNED PA
  created: 2021-10-29T18:07:41Z
  last-modified: 2024-11-21T09:33:40Z
  source: RIPE
  mnt-by: CYBR-DMZ
  mnt-by: TECHOFF-MNT

  organisation: ORG-DL591-RIPE
  mnt-ref: MNT-NETERRA
  org-name: DMZHOST
  org-type: OTHER
  address: 35 Firs Avenue, London, England, N11 3NE
  country: GB
  abuse-c: ACRO57756-RIPE
  mnt-ref: CYBR-DMZ
  mnt-by: CYBR-DMZ
  created: 2024-10-04T20:10:55Z
  last-modified: 2024-10-04T21:36:05Z
  source: RIPE # Filtered

  role: Abuse contact role object
  address: Damrak 8. Amsterdam
  abuse-mailbox: [email protected]
  nic-hdl: ACRO57756-RIPE
  mnt-by: CYBR-DMZ
  created: 2024-10-04T20:10:42Z
  last-modified: 2024-10-04T20:10:55Z
  source: RIPE # Filtered

  route: 92.118.39.0/24
  origin: AS47890
  mnt-by: UNMANAGED
  mnt-by: ro-btel2-1-mnt
  created: 2022-08-06T20:30:04Z
  last-modified: 2022-08-06T20:30:04Z
  source: RIPE

  route: 92.118.39.0/24
  origin: AS48090
  mnt-by: UNMANAGED
  mnt-by: ro-btel2-1-mnt
  created: 2021-10-28T17:46:04Z
  last-modified: 2021-10-28T17:46:04Z
  source: RIPE
- references
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net
IOC Journey
medium · First detected 2 years ago · Last seen 9 days ago
Appeared in 28 threat reports