IOC Radar
IP · Medium · Signal 66/100

94.102.49.125

Location: Netherlands (Amsterdam, North Holland)
ASN: AS202425 (IP Volume inc)
First Seen: Jun 4, 2024 (738d ago)
Last Seen: Jun 5, 2026 (8d ago)
Reports: 26 source reports
Confidence: 66% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202425
Organization: IP Volume inc

Feed Intelligence Summary

Source reports: 26
Confidence score: 66%
Category tags
abuse, access control, account compromise, active scan, active scanning, adbhoney activity, adbhoney honeypot, apt, asia, attack, attack source, attack source ip, attacker-ip, australia, authentication attempt, authentication attempts, authentication_bypass, bad reputation, bad web bot, banking, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute-force, brute-force attack, bruteforce, china, cisco device, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, compromised credentials, compromised host, conpot activity, conpot honeypot, cowrie, cowrie activity, cowrie data, cowrie honeypot, credential access, credential stuffing, credit card services, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, digital ocean, dionaea, dionaea activity, dionaea honeypot, distributed attacks, enterprise networking, europe, exploit, exploitation activity, exploited host, external threat, fatt, finance, financial services, financial technology, france, fraud voip, ftp, ftp brute force, hacking, heralding activity, honeytrap honeypot, hong kong, http scanner, ics security, identity & access exploitation, inbound scan, indicator, industrial control systems, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, ipv4, ipv4_address, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp exploitation attempt, lateral movement, lcia, login attempt, low-risk, mailoney honeypot, malaysia, malicious activity, malicious ip, malicious sftp activity, malicious software, malicious ssh activity, malware, malware behaviour, malware capture, malware delivery, malware distribution, mirai, mirai botnet, netherlands, network, network attacks, network discovery, network infrastructure, network intrusion, network probing, network scan, network scanning, network scanning activity, network security, network service scanning, network_service_exploitation, nl, north america, oceania, openbl_org-benign, opencanary, openporsts_com-benign, osint, p0f, password attacks, password spraying, payment processing, phishing, phishing attack, phishing trapping of death, portscan, process injection, protocol exploitation, ransomware, raspberry-pi, reconnaissance, remote access, remote access attempt, remote login, remote service, remote_access, research, researched, resource hijacking, scams & fraud, scan, scanner, scanner ip, scanners, scanning activity, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, service scan, sftp attack, singapore, sip brute force, sip scanning, smtp, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, ssh-brute, t-pot, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1053.005, t1055, t1059, t1059.003, t1059.004, t1071, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1588.004, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tcp, tcp protocol, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, unauthorized access, unauthorized login attempts, united kingdom, united states, unknown threat actor, verified-benign, voip, voip attack, vulnerability scan, vulnerability-exploitation, vultr, wealth management, web app attack, web application attack, web exploitation, web scanner, web spam, web traffic

Activity Timeline

1 total obs (Jun 5 to Jun 5)

Threat Activity Heatmap

Peak: 2026-06-05
[Heatmap: daily threat activity, Jun to Jun; rows Mon/Wed/Fri; scale Less to More]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 26
First seen: Jun 4, 2024
Last seen: Jun 5, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: IP Volume inc
Coords: 52.3676, 4.9041

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 94.102.49.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).


IOC Journey

medium
First detected 2 years ago · Last seen 8 days ago
Appeared in 26 threat reports