IOC Radar
IP · Medium · Signal 41/100

5.255.123.158

Location
Netherlands
Dronten, North Holland
ASN
AS60404
TIG
First Seen
Jul 21, 2024 (705d ago)
Last Seen
Jun 16, 2026 (10d ago)
Reports
29
Confidence
41% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

61 techniques

Network Information

Country: NL, Netherlands
Region: Dronten, North Holland
ASN: AS60404
Organization: TIG

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 29
Confidence score: 41%
Category tags

Activity Timeline

1 total obs (Jun 16)

Threat Activity Heatmap

Peak: 2026-06-16
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 29
First seen: Jul 21, 2024
Last seen: Jun 16, 2026
Geolocation: NL
Country: Netherlands
Location: Dronten, North Holland
ASN: AS60404
Org: TIG
Coords: 52.3676, 4.9041
IP Category: Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 5.255.123.0 - 5.255.123.255
netname: TIG
country: NL
admin-c: TIGB2-RIPE
tech-c: TIGB2-RIPE
status: ASSIGNED PA
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2023-04-06T13:38:57Z
last-modified: 2023-04-06T19:41:51Z
source: RIPE

role: The Infrastructure Group B.V. - NOC Department
address: Havinghastraat 32
address: 1817DA Alkmaar (The Netherlands)
phone: +31853012862
nic-hdl: TIGB2-RIPE
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2019-11-12T09:12:44Z
last-modified: 2019-11-12T09:12:44Z
source: RIPE # Filtered

route: 5.255.96.0/19
descr: LITESERVER-Route
origin: AS60404
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2013-11-11T12:57:21Z
last-modified: 2023-04-06T17:53:48Z
source: RIPE
references
https://check.torproject.org/torbulkexitlist, https://iplists.firehol.org/?ipset=tor_exits, Exit_Nodes.csv


IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 29 threat reports