IOC Radar
IP · Medium · Signal 87/100

94.102.49.155

Location
Netherlands
Amsterdam, North Holland
ASN
AS202425
IP Volume inc
First Seen
Jun 4, 2024
Last Seen
Jun 15, 2026
Reports
35 source reports
Confidence
87% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

125 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202425
Organization: IP Volume inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

35 source reports · 87% confidence score
Category tags

Activity Timeline

1 total obs
Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 35
First seen: Jun 4, 2024
Last seen: Jun 15, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: IP Volume inc
Coords: 51.4964, -0.1224
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force FTP on DigitalOcean Toronto (CA) honeypot
raw
inetnum: 94.102.49.0 - 94.102.49.255
netname: NET-4-49
descr: IPV NETBLOCK
country: NL
geoloc: 52.370216 4.895168
org: ORG-IVI1-RIPE
admin-c: IVI24-RIPE
tech-c: IVI24-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2019-02-04T13:24:48Z
last-modified: 2019-02-04T13:24:48Z
source: RIPE

organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2023-09-08T14:13:20Z
source: RIPE # Filtered

role: IPV
address: BZ
nic-hdl: IVI24-RIPE
mnt-by: IPV
created: 2018-05-16T13:28:41Z
last-modified: 2023-09-08T14:14:36Z
source: RIPE # Filtered

route: 94.102.49.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail [email protected]
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-08T16:09:44Z
last-modified: 2019-02-08T16:09:44Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-07-30/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 2 years ago · Last seen 7 days ago
Appeared in 35 threat reports