IOC Radar
IP · Medium · Signal 45/100

5.255.117.134

Location: Netherlands (Dronten, Flevoland)
ASN: AS60404 (TIG)
First Seen: Oct 20, 2024 (613d ago)
Last Seen: Jun 4, 2026 (21d ago)
Reports: 16 source reports
Confidence: 45% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 45%
Signal Score: 45 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

100 techniques

Network Information

Country: NL (Netherlands)
Region: Dronten, Flevoland
ASN: AS60404
Organization: TIG

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 16
Confidence score: 45%

Activity Timeline

1 total obs (Jun 4 to Jun 4)

Threat Activity Heatmap

[Heatmap: daily threat activity by weekday, Jun through Jun. Peak: 2026-06-04]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 45
Confidence: 45%
Reports: 16
First seen: Oct 20, 2024
Last seen: Jun 4, 2026
Geolocation: NL
Country: Netherlands
Location: Dronten, Flevoland
ASN: AS60404
Org: TIG
Coords: 52.3824, 4.8995
Proxy: VPN

VirusTotal

Not checked

WHOIS

description: tor search result.
raw:
inetnum: 5.255.117.0 - 5.255.117.255
netname: TIG
country: NL
admin-c: TIGB2-RIPE
tech-c: TIGB2-RIPE
status: ASSIGNED PA
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2023-04-06T13:11:24Z
last-modified: 2023-04-06T19:41:24Z
source: RIPE

role: The Infrastructure Group B.V. - NOC Department
address: Havinghastraat 32
address: 1817DA Alkmaar (The Netherlands)
phone: +31853012862
nic-hdl: TIGB2-RIPE
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2019-11-12T09:12:44Z
last-modified: 2019-11-12T09:12:44Z
source: RIPE # Filtered

route: 5.255.96.0/19
descr: LITESERVER-Route
origin: AS60404
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2013-11-11T12:57:21Z
last-modified: 2023-04-06T17:53:48Z
source: RIPE

references: https://ltna.com.au/cyber

IOC Journey

medium
First detected 1 year ago · Last seen 21 days ago
Appeared in 16 threat reports