IOC Radar
IP · Medium · Signal 93/100

158.94.210.195

Location
Netherlands
Amsterdam, North Holland
ASN
AS202412
Omegatech LTD
First Seen
Dec 7, 2025
Last Seen
Jun 10, 2026
Reports: 24 source reports
Confidence: 93% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
93%
Signal Score
93 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

81 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202412
Organization: Omegatech LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

24 source reports · 93% confidence score
Category tags

Activity Timeline

1 total obs
Jun 10

Threat Activity Heatmap

[Heatmap: activity by day (Mon/Wed/Fri rows), June through June, shaded from Less to More]

Activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 93
Confidence: 93%
Reports: 24
First seen: Dec 7, 2025
Last seen: Jun 10, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202412
Org: Omegatech LTD
Coords: 52.3734, 4.8941
Proxy

VirusTotal

Not checked

WHOIS

inetnum: 158.94.210.0 - 158.94.210.255
netname: OMEGATECH
country: NL
geofeed: https://omegatech.sc/geofeed.csv
descr: OMEGATECH
org: ORG-OL329-RIPE
abuse-c: CA12141-RIPE
admin-c: CA12141-RIPE
tech-c: CA12141-RIPE
mnt-domains: omegatechsc-mnt
mnt-lower: omegatechsc-mnt
mnt-routes: omegatechsc-mnt
status: ASSIGNED PA
mnt-by: lir-tr-mgn-1-MNT
created: 2025-09-19T12:26:13Z
last-modified: 2026-01-21T12:55:56Z
source: RIPE

organisation: ORG-OL329-RIPE
org-name: Omegatech LTD
org-type: OTHER
address: HOUSE OF FRANCIS ROOM 303, ILE DU PORT, MAHE, SEYCHELLES
country: SC
abuse-c: CA12141-RIPE
mnt-ref: omegatechsc-mnt
mnt-ref: lir-tr-mgn-1-MNT
created: 2026-01-05T00:10:50Z
last-modified: 2026-01-21T12:55:02Z
source: RIPE # Filtered
mnt-by: omegatechsc-mnt

role: Abuse Contact
address: [email protected]
nic-hdl: CA12141-RIPE
abuse-mailbox: [email protected]
mnt-by: omegatechsc-mnt
created: 2026-01-05T00:09:14Z
last-modified: 2026-01-21T12:42:42Z
source: RIPE # Filtered

route: 158.94.210.0/24
origin: AS202412
created: 2026-01-21T12:33:53Z
last-modified: 2026-01-21T12:33:53Z
source: RIPE
mnt-by: lir-tr-mgn-1-MNT

IOC Journey

medium
First detected 6 months ago · Last seen 1 day ago
Appeared in 24 threat reports