IP · Medium · Signal 67/100
93.174.95.106
Location
Amsterdam, North Holland
ASN
AS202425
IP Volume inc
First Seen
Aug 26, 2020
Last Seen
Jun 19, 2026
Found in 52 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Amsterdam, North Holland
ASN
AS202425
Organization
IP Volume inc
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
52 reports · 67% confidence
52
Source reports
67%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
67
SIGNAL
Signal Score
67%
Confidence
52
Reports
First seen
Aug 26, 2020
Last seen
Jun 19, 2026
Geolocation
NL
Country
Netherlands
Location
Amsterdam, North Holland
ASN
AS202425
Org
IP Volume inc
Coords
51.4964, -0.1224
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- inetnum: 93.174.95.0 - 93.174.95.255
  netname: NET-3-95
  descr: IPV NETBLOCK
  country: NL
  geoloc: 52.370216 4.895168
  org: ORG-IVI1-RIPE
  admin-c: IVI24-RIPE
  tech-c: IVI24-RIPE
  status: ASSIGNED PA
  mnt-by: IPV
  mnt-lower: IPV
  mnt-routes: IPV
  created: 2016-01-23T22:25:01Z
  last-modified: 2019-02-04T13:13:26Z
  source: RIPE
  organisation: ORG-IVI1-RIPE
  org-name: IP Volume inc
  country: SC
  org-type: OTHER
  address: Seychelles
  abuse-c: IVNO1-RIPE
  mnt-ref: IPV
  mnt-by: IPV
  created: 2018-05-14T11:46:50Z
  last-modified: 2023-09-08T14:13:20Z
  source: RIPE # Filtered
  role: IPV
  address: BZ
  nic-hdl: IVI24-RIPE
  mnt-by: IPV
  created: 2018-05-16T13:28:41Z
  last-modified: 2023-09-08T14:14:36Z
  source: RIPE # Filtered
  route: 93.174.95.0/24
  origin: AS202425
  remarks: +-----------------------------------------------
  remarks: | For abuse e-mail [email protected]
  remarks: | We do not always reply to abuse.
  remarks: | But we do take care your report is dealt with!
  remarks: +-----------------------------------------------
  mnt-by: IPV
  created: 2019-02-08T16:07:47Z
  last-modified: 2019-02-08T16:07:47Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://chiraba.com:8443/hourly, https://www.virustotal.com/graph/gf2367acdb5034913b48bf08089707f4762a1a847506e4e8f9d7cf028f084d3fa
IOC Journey
medium · First detected 5 years ago · Last seen 2 days ago
Appeared in 52 threat reports