IOC Radar
IP · Medium · Signal 27/100

149.154.166.110

Location
Registry country: GB (United Kingdom, per the RIPE record); geolocation: Amsterdam, North Holland (Netherlands). The country code comes from the registry object, the city from geolocation; they do not agree, so treat the location as approximate.
ASN
AS62041
Telegram Messenger Amsterdam Network
First Seen
Jan 15, 2026
Last Seen
Jun 8, 2026
Reports: 7 source reports
Confidence: 27% (medium)
VirusTotal: 2/91 detections
Found in 7 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network-layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 27%
Signal Score: 27 / 100
IDS Rule: No
Threat Context
Tags: none listed
MITRE ATT&CK TTPs: 78 technique IDs, aggregated from the tags of the 7 source reports (the t-prefixed entries under Category tags below). They describe the campaigns those reports cover; treat them as report-level context rather than as behaviour observed from this address.

Network Information

Country: GB (United Kingdom), registry country of the RIPE inetnum object
Region: Amsterdam, North Holland (geolocation; this is in the Netherlands, not the United Kingdom)
ASN: AS62041
Organization: Telegram Messenger Amsterdam Network
Note: the address sits inside 149.154.164.0 - 149.154.167.255 (a /22 of 1,024 addresses assigned to Telegram) and the 149.154.166.0/24 route originated by AS62041. This is shared messaging-platform infrastructure: scope any block to the single address and the observed traffic pattern rather than the range or the ASN, and expect legitimate Telegram client traffic to the same block.

Feed Intelligence Summary

7 source reports · 27% confidence score

Category tags (aggregated across the source reports; separators restored where the extraction had run the tags together, so a few boundaries are uncertain):
.net-malware, abuse, academic institutions, accept, account compromise, account security, active, active scan, active scanning, address, ai download, alerts, alienvault_ransomware, all ipv4, amazon, analysis date, anti-analysis, antigua, antigua and barbuda, apple, apt, as64521i, ascii text, asia, asn, asnone, av detections, backdoor, bad reputation, bazaar, bgp, bird, body, brand impersonation, brute force, brute force attack, brute-force, c dec, c mar, castlerat, china, chlg url, ck id, click, click-based attack, cname, cofense, command, command and control, command execution, command-and-control, communication technologies, core, credential access, credential harvesting, credential stuffing, credential theft, credential-theft, credit card theft, data c, data exfiltration, data store exposure, data-exfiltration, ddos, defense evasion, demo, denial of service, dock, domain, dropped file, dynamicloader, echo response, education, educational resources, educational services, educational technology, email, encryption, entity gcl1mnt, et exploit, europe, evasion, exploitation activity, external ip, f rl, fake claude code, files, files ip, finance, firefox, forum, found, ftp, gns3, guard, hacking, hacktool.remsim/remotetool, handle, hello, high, higher education, highest schook, https, hybrid, identity & access exploitation, ids detections, imac, indicator, info, information technology, infostealer, infostealer activity, infrastructure acquisition, reconnaissance, ingress tool transfer, injection activity, input validation bypass, install, instances, intel, interactive chat attack, intrusion detection, iot security, it infrastructure, itunes, japan, k-12 education, keepalived, keylogger, learn, linux, loads, local, lowfim2 ms17010, main, malicious domain, malicious links, malicious powershell activity, malicious software, malware, medium, mfa theft, mitre att, mobile carriers, mobile networks, ms windows, ms17010 echo, mwdb, name tactics, nat node, netherlands, network, network security, new urgent, nids, njrat, nl, north america, open, operating system, operating system security, operation ghostmail, ovn network, p2404, packed-malware, password attacks, path, path traversal, pattern match, payload, payload url, payment security, payment system attack, paypal, paypal account, phishing, phishing attack, phishing campaign, phishme, pii theft, please, please note, powershell, probe ms17010, process injection, process-hollowing, prometheus, pulse pulses, pulses, ransom, ransomware, rat, reconnaissance, related pulses, remote access, researched, ripe, ripe ncc, ripe network, rsds, saas abuse, saas support, scams & fraud, scanner, scripting attacks, secure, secure yourself, service, size, snake keylogger, snakekeylogger, social engineering, software development, spawns, ssdeep, stop, strings, t1003, t1003.008, t1005, t1021.001, t1027, t1031, t1033, t1036.002, t1040, t1041, t1045, t1053, t1055, t1056, t1056.001, t1057, t1059, t1059.001, t1059.007, t1060, t1069, t1069.001, t1071, t1071.001, t1078, t1082, t1083, t1086, t1094, t1105, t1106, t1110.001, t1110.002, t1110.003, t1110.004, t1112, t1114, t1129, t1133, t1143, t1144, t1158, t1176, t1190, t1203, t1204.001, t1204.002, t1480, t1486, t1497, t1499.001, t1499.002, t1518, t1543, t1547, t1550.004, t1552, t1552.001, t1553, t1555, t1562, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1568, t1573, t1574, t1583, t1584.003, t1584.005, t1587.001, t1590.001, t1595.001, t1595.002, t1595.003, tags, telecom services, telecommunications, threat actor, threat intelligence, title, tls sni, tools, tor node, trojan malware, trojandropper, tulach, twitter, united, united kingdom, united states, unk_nightowl, urls, urls show, user execution, vercel, vip keylogger, virtool, virtual private, virtual servers, wannacry, web app attack, web application attack, web application exploitation, web attack, web exploitation, web security, whois lookup, windows, windows-executable, write, write c, yara detections, yara rule

Activity Timeline

1 observation in total (Jun 8). The Jan 15 first-seen date above is not reflected in the timeline, so the dates come from report metadata rather than from repeated sightings.

Threat Activity Heatmap

[Calendar heatmap, weekly cells from Jun of the previous year to Jun, not reproduced; the only populated cell is the Jun 8 observation.]

Window   Observations   Level
24h      0              Dormant
7d       1              Minimal
30d      1              Minimal
3mo      1              Minimal
Threat Score: Low Risk (27 / 100 signal)
Confidence: 27%
Reports: 7
First seen: Jan 15, 2026
Last seen: Jun 8, 2026
Geolocation: GB (United Kingdom)
Location: Amsterdam, North Holland
ASN: AS62041
Org: Telegram Messenger Amsterdam Network
Coords: 17.0481, -61.8045 (these coordinates lie in Antigua and Barbuda and contradict both the Amsterdam location and the RIPE geoloc 52.379189 4.899431 in the WHOIS record; do not use them for attribution)

VirusTotal

2 / 91 vendors flagged (2% detection rate), as of Jun 8, 2026

WHOIS

description: CC=GB ASN=AS62041 telegram messenger inc

raw (RIPE objects, one attribute per line):

inetnum:        149.154.164.0 - 149.154.167.255
netname:        Telegram_Messenger_Network
descr:          Telegram Messenger Network
country:        GB
geoloc:         52.379189 4.899431
admin-c:        ND2624-RIPE
tech-c:         ND2624-RIPE
abuse-c:        TMI12-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-TELEGRAM
created:        2014-09-19T22:29:39Z
last-modified:  2018-06-12T10:52:20Z
source:         RIPE

person:         Nikolai Durov
address:        P.O. Box 146, Road Town, Tortola, British Virgin Islands
phone:          +357 96 287319
nic-hdl:        ND2624-RIPE
mnt-by:         MNT-TELEGRAM
created:        2014-03-07T19:25:00Z
last-modified:  2014-03-08T03:31:36Z
source:         RIPE

route:          149.154.166.0/24
origin:         AS62041
mnt-by:         mnt-ag-globalnet-1
mnt-by:         MNT-TELEGRAM
created:        2023-08-06T18:25:49Z
last-modified:  2023-08-06T18:25:49Z
source:         RIPE

The inetnum is the /22 149.154.164.0/22 (1,024 addresses) and the /24 route that contains this IP is originated by AS62041; abuse reports for the range go to the abuse-c handle TMI12-RIPE.

references:
https://app.any.run/tasks/e0a4305e-2b16-4192-b886-55758307f6e0
https://cofense.com/blog/livechat-abuse-how-phishers-are-exploiting-saas-support-tools-to-steal-sensitive-data
IOCs.2026.4.csv
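As an added example (not part of the IOC Radar page or its tooling), the following Python script performs the checks an analyst would run against this record before acting on it: it parses the flattened RIPE text into objects, confirms the indicator lies inside the inetnum and the /24 route originated by AS62041, reports the size of the assignment (what a range-level block would take down), and flags that the coordinates shown on the page contradict the registry geoloc. The input is a constructed copy of the inetnum and route objects shown above; the page coordinates, the 500 km conflict threshold and all function names are this example's own assumptions.

```python
import ipaddress
import math
import re

# Constructed input: the inetnum and route objects from the WHOIS section above,
# as the extractor flattened them (one line, attributes separated only by spaces).
RAW_WHOIS = (
    "inetnum: 149.154.164.0 - 149.154.167.255 netname: Telegram_Messenger_Network "
    "descr: Telegram Messenger Network country: GB geoloc: 52.379189 4.899431 "
    "admin-c: ND2624-RIPE tech-c: ND2624-RIPE abuse-c: TMI12-RIPE status: ASSIGNED PA "
    "mnt-by: MNT-TELEGRAM created: 2014-09-19T22:29:39Z last-modified: 2018-06-12T10:52:20Z "
    "source: RIPE route: 149.154.166.0/24 origin: AS62041 mnt-by: mnt-ag-globalnet-1 "
    "mnt-by: MNT-TELEGRAM created: 2023-08-06T18:25:49Z last-modified: 2023-08-06T18:25:49Z "
    "source: RIPE"
)

# Coordinates the page shows for this IOC, and the (assumed) distance beyond
# which two geolocations for the same address are treated as contradictory.
PAGE_COORDS = (17.0481, -61.8045)
GEO_CONFLICT_KM = 500.0

# RPSL attributes whose appearance starts a new object in the flattened text.
OBJECT_KEYS = ("inetnum", "person", "route")


def parse_flat_whois(raw):
    """Split flattened 'key: value key: value ...' text into a list of RPSL objects.
    Keys are lowercase attribute names; a value runs until the next key."""
    parts = re.split(r"\s*\b([a-z][a-z-]*):\s+", raw.strip())
    objects, current = [], None
    # parts[0] is any text before the first key; the rest alternates key, value.
    for key, value in zip(parts[1::2], parts[2::2]):
        if key in OBJECT_KEYS or current is None:
            current = {}
            objects.append(current)
        current.setdefault(key, []).append(value.strip())
    return objects


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs, in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def triage(ip_str, raw_whois=RAW_WHOIS, page_coords=PAGE_COORDS):
    """Check an IOC against the registry data it is claimed to belong to."""
    ip = ipaddress.ip_address(ip_str)
    result = {"ip": ip_str, "in_inetnum": False, "in_route": False}
    for obj in parse_flat_whois(raw_whois):
        if "inetnum" in obj:
            lo, hi = (ipaddress.ip_address(x.strip()) for x in obj["inetnum"][0].split("-"))
            result["in_inetnum"] = lo <= ip <= hi
            result["assignment_size"] = int(hi) - int(lo) + 1  # blast radius of a range block
            result["netname"] = obj["netname"][0]
            result["registry_country"] = obj["country"][0]
            result["abuse_contact"] = obj.get("abuse-c", [None])[0]
            lat, lon = map(float, obj["geoloc"][0].split())
            result["registry_geoloc"] = (lat, lon)
            result["geo_conflict"] = haversine_km((lat, lon), page_coords) > GEO_CONFLICT_KM
        elif "route" in obj:
            result["in_route"] = ip in ipaddress.ip_network(obj["route"][0])
            result["origin_asn"] = obj["origin"][0]
    # One IOC inside a large provider assignment: block the address, never the range.
    result["block_scope"] = "single-address" if result["in_inetnum"] else "not-in-range"
    return result


if __name__ == "__main__":
    for key, value in triage("149.154.166.110").items():
        print(f"{key:>18}: {value}")
```

Running it on 149.154.166.110 reports membership in both the inetnum and the route, an assignment size of 1,024 addresses, the abuse-c handle to report to, and a geolocation conflict of several thousand kilometres, which is the reason the Coords line on this page should not feed attribution.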

Export & API

STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey

Confidence: medium
First detected 4 months ago · Last seen 3 days ago
Appeared in 7 threat reports