IP · Medium · Signal 51/100
193.32.162.213
Location
Amsterdam, North Holland
ASN
AS47890
Techoff SRV Limited
First Seen
Aug 7, 2025
Last Seen
Jun 9, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Netherlands
Region: Amsterdam, North Holland
ASN: AS47890
Organization: Techoff SRV Limited
Feed Intelligence Summary
Source reports: 18
Confidence score: 51%
Category tags
Activity Timeline
[Timeline chart; axis label: Jun 9]
Threat Activity Heatmap
Peak: 2026-06-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 51
Confidence: 51%
Reports: 18
First seen: Aug 7, 2025
Last seen: Jun 9, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS47890
Org: Techoff SRV Limited
Coords: 52.3676, 4.9041
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected performing web attacks against Cloudflare honeypot edge
- raw:
  Domain name: kantoorlessen.nl
  Status: active
  Registrar:
    Key-Systems GmbH
    Im Oberen Werk 1
    66386 St. Ingbert
    Germany
  Abuse Contact:
  Creation Date: 2019-07-24
  Updated Date: 2020-10-10
  DNSSEC: no
  Domain nameservers:
    ns2.kantoorlessen.nl 193.32.162.3
    ns1.kantoorlessen.nl 193.32.162.2
  Record maintained by: NL Domain Registry

  As the registrant's address is not in the Netherlands, the registrant is obliged by the General Terms and Conditions for .nl Registrants to use SIDN's registered office address as a domicile address. More information on the use of a domicile address may be found at https://www.sidn.nl/downloads/procedures/Domicile_address.pdf

  Copyright notice
  No part of this publication may be reproduced, published, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without prior permission of the Foundation for Internet Domain Registration in the Netherlands (SIDN). These restrictions apply equally to registrars, except in that reproductions and publications are permitted insofar as they are reasonable, necessary and solely in the context of the registration activities referred to in the General Terms and Conditions for .nl Registrars. Any use of this material for advertising, targeting commercial offers or similar activities is explicitly forbidden and liable to result in legal action. Anyone who is aware or suspects that such activities are taking place is asked to inform the Foundation for Internet Domain Registration in the Netherlands. (c) The Foundation for Internet Domain Registration in the Netherlands (SIDN) Dutch Copyright Act, protection of authors' rights (Section 10, subsection 1, clause 1).
IOC Journey
Medium · First detected 10 months ago · Last seen 15 days ago
Appeared in 18 threat reports