IOC Radar
IP · Medium · Signal 70/100

192.76.153.253

Location: Netherlands (Alkmaar, North Holland)
ASN: AS60404, The Infrastructure Group B.V
First Seen: Sep 11, 2025 (288d ago)
Last Seen: Jun 16, 2026 (10d ago)
Reports: 35 source reports
Confidence: 70% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

105 techniques

Network Information

Country: NL (Netherlands)
Region: Alkmaar, North Holland
ASN: AS60404
Organization: The Infrastructure Group B.V

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 35
Confidence score: 70%
Category tags

Activity Timeline

1 total obs (Jun 16 to Jun 16)

Threat Activity Heatmap

Peak: 2026-06-16
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 70
Confidence: 70%
Reports: 35
First seen: Sep 11, 2025
Last seen: Jun 16, 2026
Geolocation: NL
Country: Netherlands
Location: Alkmaar, North Holland
ASN: AS60404
Org: The Infrastructure Group B.V
Coords: 52.3824, 4.8995
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
NetRange: 192.76.134.0 - 192.76.172.255
CIDR: 192.76.172.0/24, 192.76.134.0/23, 192.76.136.0/21, 192.76.168.0/22, 192.76.160.0/21, 192.76.144.0/20
NetName: RIPE-ERX-192-76-134-0
NetHandle: NET-192-76-134-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2005-02-28
Updated: 2005-02-28
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Ref: https://rdap.arin.net/registry/ip/192.76.134.0
ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink: whois.ripe.net

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE

ReferralServer: whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN

inetnum: 192.76.153.0 - 192.76.153.255
netname: NL-THEINFRASTRUCTUREGROUP-20191112
country: NL
org: ORG-TIGB3-RIPE
admin-c: TIGB2-RIPE
tech-c: TIGB2-RIPE
status: ALLOCATED PA
mnt-by: mnt-nl-theinfrastructuregroup-1
mnt-by: RIPE-NCC-HM-MNT
created: 2019-11-12T08:59:40Z
last-modified: 2019-11-12T09:13:26Z
source: RIPE

organisation: ORG-TIGB3-RIPE
org-name: The Infrastructure Group B.V.
org-type: LIR
address: Havinghastraat 32
address: 1817DA
address: Alkmaar
address: NETHERLANDS
admin-c: TIGB2-RIPE
tech-c: TIGB2-RIPE
abuse-c: AR56650-RIPE
mnt-ref: mnt-nl-theinfrastructuregroup-1
mnt-by: RIPE-NCC-HM-MNT
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2019-11-11T15:00:44Z
last-modified: 2019-11-29T15:19:04Z
source: RIPE # Filtered
phone: +31 85 3012862

role: The Infrastructure Group B.V. - NOC Department
address: Havinghastraat 32
address: 1817DA Alkmaar (The Netherlands)
phone: +31853012862
nic-hdl: TIGB2-RIPE
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2019-11-12T09:12:44Z
last-modified: 2019-11-12T09:12:44Z
source: RIPE # Filtered

route: 192.76.153.0/24
origin: AS60404
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2020-06-05T20:31:14Z
last-modified: 2020-06-05T20:31:14Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://ltna.com.au/cyber, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-19/, https://jamesbrine.com.au


IOC Journey

medium
First detected 9 months ago · Last seen 10 days ago
Appeared in 35 threat reports