IP · Medium · Signal 71/100
195.178.110.190
Location
Andorra la Vella, North Holland
ASN
AS48090
Techoff SRV Limited
First Seen
Feb 18, 2025
Last Seen
May 27, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region
Andorra la Vella, North Holland
ASN
AS48090
Organization
Techoff SRV Limited
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
23 reports · 71% confidence
23
Source reports
71%
Confidence score
Category tags
abuseabuseipdbactive scanactive scanningadbhoney activityadbhoney honeypotafricaandorraapacheapache attackeraptargentinaasiaattackaustraliaauto blockedauto-blockedauto-updatedautomated responsebad reputationbad web botbangladeshbelgiumbgblocked-ipsblocklist_allblog spambotnetbotnet activitybrand weaponizationbrazilbrute forcebrute force attackbrute force attacksbrute force attemptsbrute-forcebulgariacanadacertchinaciscocisco devicecisco exploitation attemptscommand and controlcommand injectioncommunication protocolcompromised credentialsconnected devicesconpotconpot activityconpot honeypotcowriecowrie activitycowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingcryptocurrencycryptocurrency threatscryptojackingcyber threatsdata exfiltrationdata store exposuredatabase attackdatabase probingdatabase securityddosddos attackddos attemptddos reflectiondecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea honeypotdnsdns attackelasticpot honeypotelasticsearch monitoringelectronic health recordsemailencryptionenterprise networkingeuropeeurope/asiaexploitexploit attemptexploitation activityexploitation attemptsexploited hostfattfinancefinancial servicesfinlandfrancefraud ordersftpftp brute forceftp brute-forcegermanygithubhackinghealth care and social assistancehealth information technologyhealthcare information systemsheralding activityhoneypot datahoneytrap honeypothong konghospital managementhttp scannerics securityidentity & access exploitationids alertingindiaindustrial control systemsindustrial iotinformation technologyinfostealerinitial accessinjection activityinjection attacksinternet of thingsiot analyticsiot applicationsiot platformsiot securityiot targetediot/ics attackipphoney honeypotiraqirelandisp-reputationit infrastructureitalyjapankenyakill-chain exploitationkill-chain reconnaissancelamplamp exploitation attemptlamp server targetinglateral movementlateral movement attemptlayer 7 
attacklithuaniamailoney honeypotmalicious activitymalicious emailmalicious ip activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware detectionmalware distributionmedical servicesmedium-riskmexicomitre-attackmorocconetherlandsnetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork traffic analysisnew zealandnlnorth americanorwayoceaniaopen proxyopenctip0fpassword attackspatient carepattern-32pattern-38philippinesphishingphishing attackphishing trapping of deathpolandpossible malware infectionpotential malicious activityprocess injectionprotocol exploitationproxyransomwarereconnaissanceredis honeypotredishoneypotredishoneypot activityremote accessresearchedresidential proxyresource hijackingrussiascams & fraudscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer sip attacksservice scansftpsftp access attemptssftp attacksftp attackssftp probingsingaporesipsip attackssip brute forcesip scansip scanningsip vulnerability scansmart devicessmtpsmtp probingsocial engineeringsocradar honeypotsoftware developmentsouth africasouth americaspamsshssh attackssh monitoringssl certificatessl-enrichmentssl/tls enrichmentstealcstix 2.1stix-2.1supply chain attacksupply-chainswedensystem accesst1016t1016.001t1018t1021t1027t1036.006t1040t1041t1046t1053.005t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1078t1090t1102t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1189t1190t1195.002t1203t1204.002t1486t1496t1499.001t1499.002t1547.001t1555.003t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.002t1583.006t1585t1586t1595t1595.001t1595.002t1595.003taiwantannertanner activitytargeting databaseteam cymrutelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat-intelthreat-intelligencetor nodetpotukraineunited kingdomunited 
statesuzbekistanvenezuela, bolivarian republic ofvoipvoip attackvpnvpn ipvulnerability scanwazuhwebweb app attackweb application attackweb application scanweb attackweb exploitweb exploit attemptweb exploitationweb shellweb spamweb trafficxss attack
Activity Timeline
May 27
Threat Activity Heatmap · Peak: 2026-05-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
High Risk
71
SIGNAL
Signal Score
71%
Confidence
23
Reports
First seen
Feb 18, 2025
Last seen
May 27, 2026
Geolocation
NL
Country
Netherlands
Location
Andorra la Vella, North Holland
ASN
AS48090
Org
Techoff SRV Limited
Coords
38.9609, -77.3429
Proxy · VPN
VirusTotal
Not checked
WHOIS
- raw
  inetnum: 195.178.110.0 - 195.178.110.255
  netname: TECHOFF_SRV_LIMITED
  descr: TECHOFF SRV LIMITED
  org: ORG-TSL73-RIPE
  country: AD
  admin-c: AD18161-RIPE
  tech-c: AD18161-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-NETERRA
  mnt-domains: TECHOFF-MNT
  mnt-routes: TECHOFF-MNT
  mnt-routes: MNT-NETERRA
  created: 2025-01-13T10:27:00Z
  last-modified: 2025-01-13T12:11:13Z
  source: RIPE

  organisation: ORG-TSL73-RIPE
  org-name: TECHOFF SRV LIMITED
  country: GB
  org-type: OTHER
  address: 35 Firs Avenue, London N11 3NE
  abuse-c: AD18161-RIPE
  mnt-ref: TECHOFF-MNT
  mnt-ref: MNT-NETERRA
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:01:40Z
  last-modified: 2024-11-26T15:22:33Z
  source: RIPE # Filtered

  role: ABUSE DEP
  address: 35 Firs Avenue, London N11 3NE
  abuse-mailbox: [email protected]
  nic-hdl: AD18161-RIPE
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:00:28Z
  last-modified: 2024-11-21T09:45:52Z
  source: RIPE # Filtered

  route: 195.178.110.0/24
  origin: AS48090
  created: 2025-01-13T10:29:26Z
  last-modified: 2025-01-13T10:29:41Z
  source: RIPE
  mnt-by: TECHOFF-MNT
- references
  - https://github.com/telekom-security/tpotce
  - https://analytics.dugganusa.com/api/v1/stix-feed/v2
  - https://www.abuseipdb.com
  - https://jamesbrine.com.au/cfglobal-web-ip-list-2026-03-27/
  - https://jamesbrine.com.au
  - https://jamesbrine.com.au/cfglobal-web-ip-list-2026-02-25/
  - https://analytics.dugganusa.com/api/v1/stix-feed
  - https://www.dugganusa.com
  - https://analytics.dugganusa.com/v2
  - https://www.dugganusa.com/post/from-1-to-5-how-we-mapped-a-post-operation-endgame-c2-infrastructure
  - https://www.dugganusa.com/post/we-found-their-server-pattern-38-c2-infrastructure-exposed
  - https://www.dugganusa.com/post/pattern-43-the-password-is-in-the-filename
  - https://www.dugganusa.com/post/stealc-rhadamanthys-anatomy-of-a-github-supply-chain-infostealer
  - https://www.dugganusa.com/post/pattern-38-github-supply-chain-attacks-use-stolen-developer-credentials-from-2023-breaches
IOC Journey
Medium · First detected 1 year ago · Last seen 21 days ago
Appeared in 23 threat reports