IPMediumSignal 58/100
92.118.39.74
Location
NetherlandsDallas, TX
ASN
AS47890
Pptechnology Limited
First Seen
Jul 20, 2024
Last Seen
Jun 8, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryNetherlands
NetherlandsRegionDallas, TX
ASNAS47890
OrganizationPptechnology Limited
Feed Intelligence Summary
26 reports58% confidence
26
Source reports
58%
Confidence score
Category tags
abuseaccess attemptaccount compromiseackactive scanactive scanningadbhoney honeypotasiaasset discoveryatif feedattackattack vectorsattacker ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureautomated attackautomated attacksbad reputationbad web botbanlist feedbinary defenseblacklisted ipblacklisted ip addressblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcbrute-forcebrute_force_attackbrute_force_attemptbruteforcec2canadacisco devicecloud environmentcloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand injectioncommunication protocolcompromise attemptcompromised hostcompromised hostscompromised systemcowriecowrie honeypotcowrie honeypot datacowrie interactionscredential accesscredential attackcredential guessingcredential harvestingcredential stuffingcredential-accessctadata encryptiondata exfiltrationdata store exposuredatabase attackddosddos attackddos attemptdecoy systemdenial of servicedenial-of-servicedevice managementdigital oceandigitalocean infrastructuredionaeadionaea honeypotdionaea interactionsdionaea payloadsdistributed attacksdnsdns attackencryptionenterprise networkingenumerationeuropeexploitexploit attemptexploit attemptsexploitation activityexploited hostexposed servicesexternal scanningexternal threatexternal_threatfail2ban alertfail2ban triggerfail2ban triggeredfailed authenticationfailed loginfailed login attemptsfattfatt detectionsfatt signaturesfin scanfirewall logs analysisfranceftpftp attacksftp brute forceftp_scangithubhackinghoneytrap eventshoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp_scanhttpshuhungaryidentity & access exploitationinbound scaninfoinfrastructure acquisitionreconnaissanceinfrastructure scanninginitial accessinitiator ipinjection activityinternet background noiseinternet exposedinternet-facing assetsinternet-wide scaninternet_scaninternet_wide_scanintrusion detectioniocipv4ipv4 addressipv4_addressipv4_scanningjapanlamplateral movementlogin attacklogin attemptlogin failurelogin_attemptlondonmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious communication blockingmalicious ipsmalicious softwaremalicious trafficmalicious-scanmalwaremalware beaconingmalware behaviourmalware capturemalware detectionmalware propagationmalware scanningmanualmultiple failed loginsmysqlnetherlandsnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork perimeternetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork security monitoringnetwork service scanningnetwork traffic analysisnetwork-reconnaissancenetwork_activitynetwork_discoverynetwork_enumerationnetwork_reconnaissancenetwork_scanningnginxnorth americanoticenull scanoceaniaopen_port_discoveryopenctip0fp0f signaturespassword attackpassword attackspassword crackingphishingphishing attackphishing trapping of deathportscanpossible credential stuffingpossible exploit attemptspotential credential stuffingprocess injectionprotocol exploitationproxypythonransomwarerdp_scanreconnaissanceremote accessremote servicesresearchedresource hijackingroromaniascannerscanner activityscannersscanning activityscanning_activitysecurity eventsecurity operationssensor-taggedsentrypeer botnetsentrypeer eventssentrypeer interactionsserverservice detectionservice discoveryservice enumerationservice scanservice-discoveryservice_enumerationsftpsftp attacksftp exploit attemptslugsmtpsmtp brute forcesmtp probingsocial engineeringsocradar honeypotspamsql injection attemptssshssh attackssh attacksssh monitoringssh_scansurface websuricata alertssynsyn scansystem accesst-pott1018t1021t1021.001t1021.002t1021.004t1029t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1076t1077t1078t1078.002t1078.004t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1583t1587.001t1588t1588.002t1588.004t1589t1589.002t1590t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner eventstanner interactionstargeting databasetcp protocoltcp scantcp scanningtcp-scantcp_scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat_actor_unknownthreat_discoverytokyotor nodetpotudp port scanudp scanudp-scanudp_scanunauthorized accessunauthorized access attemptunauthorized login attemptsunauthorized probingunited kingdomunited statesunknown threat actorus ip addressus source ipuser enumerationvalid accountsvoipvoip attackvulnerability scanvultrvultr infrastructureweb app attackweb application attackweb exploitweb exploitationweb exploitsweb spamweb trafficxmas scan
Activity Timeline
Jun 8Jun 8
Threat Activity Heatmap
· Peak: 2026-06-08LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
58
SIGNAL
Signal Score
58%
Confidence
26
Reports
First seenJul 20, 2024
Last seenJun 8, 2026
GeolocationNL
CountryNetherlands
LocationDallas, TX
ASNAS47890
OrgPptechnology Limited
Coords32.7797, -96.8022
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=80,443 Location=Sydney, Australia.
- raw
- NetRange: 92.0.0.0 - 92.255.255.255 CIDR: 92.0.0.0/8 NetName: 92-RIPE NetHandle: NET-92-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2007-03-27 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/92.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- references
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 20 days ago
Appeared in 26 threat reports