IP · Medium · Signal 36/100
95.161.76.100
Location: Amsterdam, North Holland
ASN: AS62041 (Global Network Management Inc)
First Seen: Feb 24, 2023
Last Seen: Mar 31, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network-layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context: tags and MITRE ATT&CK TTPs for this indicator are listed under Category tags below (the technique IDs appear among the tags).
Network Information
Country: Netherlands
Region: Amsterdam, North Holland
ASN: AS62041
Organization: Global Network Management Inc
IP Category: Proxy (proxy server)
Feed Intelligence Summary
Source reports: 9
Confidence score: 36%
Category tags (aggregated across feeds, alphabetical):
abuse, academic institutions, access control, account brute force, active scan, active scanning, alberta, alexa, alexa top, alienvault_ransomware, antigua and barbuda, apple, attack, authentication attack, av detection, bad reputation, bank security, banker, bluetooth propagation, botnet, botnet activity, brute force, brute force attack, brute_force,
cisa, cisa advisory, cisco umbrella, civil services, class, click-based attack, cobalt strike, code execution, command and control, command execution, command injection, communication protocol, communication technologies, compromised credentials, contact, contacted urls, control server, core, credential access, credential harvesting, credential stuffing, credential_access, cve-20, cyberd brokerdb, data exfiltration, data store exposure, db broker, db access, ddos, default browser, denial of service, detection list, distributed attacks, dns attack, dnspionage, downloader, dropped,
educational resources, educational services, educational technology, electronic health records, embarcadero delphi, emotet, encryption, enumeration, europe, europe/asia, exploit, exploitation activity, exploitation of pgpassword, finance, financial institution, financial services, firehol, firehol proxy, ftp, ftp brute force, generic, gogogovab, government technology, gsbadmin credential compromise, guest system, health care and social assistance, health information technology, healthcare information systems, heur, higher education, hospital management, http brute force, http scanner, https, hybrid,
icmp, identity & access exploitation, imap, indicator, industries/all industries, information technology, infostealer, ingress tool transfer, injection activity, install, ipv4, it infrastructure, ivanti connect secure, ivanti epmm, ivanti policy secure, k-12 education, keylogger, kgs0, kls0, laplas clipper, lateral movement, local, login brute force, malicious activity, malicious download, malicious links, malicious site, malicious software, malware, malware distribution, malware site, markmonitor, matrix, mci verizon block, medical services, metro, million, mobile carriers, mobile networks, monitoring,
name server, netherlands, netsky, network, network attacks, network intrusion, network propagation, network protocol, network reconnaissance, network scanning, network security, network service scanning, network_reconnaissance, noname057, parent parent, password attack, password attacks, patient care, persistence mechanisms, pexee, pgpassword, pgsql, pw, phishing, phishing attack, phishing site, privilege escalation, process injection, protocol exploitation, proxy, psexec, public administration, public infrastructure, public policy, python,
ramnit, ransomware, reconnaissance, redacted gsb, redline stealer, regulatory agencies, relic, remote access, remote code execution, remote services, researched, russia, russian federation, safe site, samples, scams & fraud, scanner, security policy, service, service scan, site, small, smb brute force, smb scanning, smtp, smtp brute force, social engineering, software development, software exploitation, speader, ssh attack, ssl certificate, stealer, steam, strings, strong, summary, syn scan,
t1003.001, t1018, t1021, t1021.001, t1027, t1027.003, t1040, t1046, t1053.005, t1055, t1059, t1059.001, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1140, t1189, t1190, t1195, t1203, t1204.001, t1204.002, t1210, t1219, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.003, t1547.001, t1548, t1550.002, t1552, t1555.003, t1556, t1563, t1564, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1588, t1589, t1595, t1595.001, t1595.002, t1595.003,
tcp protocol, tcp scan, tcp scanning, team, telecom services, telecommunications, telnet threat, threat, threat actor, threat prevention, threat report, threattype/credential theft, threattype/remote code execution, threattype/vulnerability exploitation, threattype/webshell deployment, tools, tor node, trojanspy, u gsbadmin, ualberta, udp scan, unidentified threat actor, union, united, unsafe, upgrade, usb propagation, user execution, vulnerabilities, vulnerability scan, web traffic, webshell deployment, whois record, whois whois, windir, wireless network attack, zero, zero-day vulnerability
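The tag cloud above is exported with no separators between tags, which makes the MITRE ATT&CK technique IDs easy to lose when copying them into a case. The following is an added example, not code from this page or its feed platform: it pulls technique IDs out of a concatenated tag string with a bounded regex (four digits, optional three-digit sub-technique suffix), canonicalises them to the `T1110.001` form, and groups sub-techniques under their parent so you can see which parents were tagged directly and which only via sub-techniques. The excerpt in `TAG_CLOUD` is a constructed copy of a slice of the page's own tag cloud.

```python
import re
from collections import defaultdict

# Constructed excerpt of the page's concatenated tag cloud (tags run together
# with no separators, exactly as the captured page shows them).
TAG_CLOUD = (
    "summarysyn scant1003.001t1018t1021t1021.001t1027t1027.003t1040t1046"
    "t1110t1110.001t1110.002t1110.003t1110.004t1133tcp protocoltcp scan"
)

# ATT&CK technique IDs: 'T' + four digits, optionally '.' + three digits.
# No separators are required on either side because the tag cloud has none;
# the fixed four-digit width stops "t1018t1021" from being read as one ID.
TECHNIQUE_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)


def extract_techniques(tag_cloud: str) -> list:
    """Return sorted, de-duplicated canonical IDs (e.g. 'T1110.001')."""
    found = set()
    for m in TECHNIQUE_RE.finditer(tag_cloud):
        tech = f"T{m.group(1)}"
        if m.group(2):
            tech += f".{m.group(2)}"
        found.add(tech)
    return sorted(found)


def group_by_parent(techniques: list) -> dict:
    """Group sub-techniques under their parent technique.

    For each parent, record whether the parent ID itself was tagged; a parent
    that appears only through its sub-techniques is common when feeds tag
    precisely, and matters when you map to a coverage matrix.
    """
    groups = defaultdict(lambda: {"tagged": False, "subs": []})
    for tech in techniques:
        parent, _, sub = tech.partition(".")
        if sub:
            groups[parent]["subs"].append(tech)
        else:
            groups[parent]["tagged"] = True
    return dict(groups)


if __name__ == "__main__":
    techs = extract_techniques(TAG_CLOUD)
    for parent, info in group_by_parent(techs).items():
        flag = "direct" if info["tagged"] else "via sub-techniques only"
        print(f"{parent}: {flag}, subs={info['subs']}")
```

Run it over the full tag cloud on this page and you get the 62 IDs listed there; the same regex is safe on the raw concatenated string because no other tag on the page contains a `t` followed by four digits.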
Activity Timeline
Heatmap peak: 2026-03-31 (the only plotted event falls on Mar 31)
Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 0 (Dormant)
Last 3mo: 1 (Minimal)
Threat Score: 36 (Low Risk)
Signal Score: 36 · Confidence: 36% · Reports: 9
First seen: Feb 24, 2023
Last seen: Mar 31, 2026
Geolocation: NL · Netherlands · Amsterdam, North Holland
ASN: AS62041
Org: Global Network Management Inc
Coords: 59.8983, 30.2618 (these coordinates fall in St. Petersburg, Russia, about 1,700 km from Amsterdam, and the WHOIS description below gives CC=AG, so the page's own geolocation fields disagree with each other; verify the location independently before using it)
Category: Proxy
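A card whose city, coordinates and WHOIS country code point to three different places should not be trusted for attribution or geo-blocking without a check. The following is an added example, not code from this page or its platform: it computes the great-circle distance between the card's coordinates and the claimed city, parses the `CC=`/`ASN=` fields out of the WHOIS description line, and returns every discrepancy it finds. The card values are copied from this page; the Amsterdam reference coordinates and the 100 km tolerance are assumptions introduced for the example.

```python
import math
import re

# Fields as they appear on this indicator card (constructed copy of the page).
CARD = {
    "ip": "95.161.76.100",
    "country": "NL",
    "city": "Amsterdam",
    "asn": "AS62041",
    "coords": (59.8983, 30.2618),
    "whois_description": "CC=AG ASN=AS62041 Telegram Messenger Inc",
}

# Assumed lookup table and tolerance (not from the page).
CITY_REFERENCE = {"Amsterdam": (52.3676, 4.9041)}
MAX_CITY_DISTANCE_KM = 100.0


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) pairs."""
    r = 6371.0088  # mean Earth radius
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def parse_whois_description(text):
    """Extract CC= and ASN= from a 'CC=XX ASN=ASnnn ...' description line."""
    fields = dict(re.findall(r"\b(CC|ASN)=(\S+)", text))
    return fields.get("CC"), fields.get("ASN")


def check_geo_consistency(card, city_ref=CITY_REFERENCE,
                          max_km=MAX_CITY_DISTANCE_KM):
    """Return a list of discrepancies; an empty list means the fields agree."""
    findings = []
    ref = city_ref.get(card["city"])
    if ref is not None:
        distance = haversine_km(card["coords"], ref)
        if distance > max_km:
            findings.append(f"coords are {distance:.0f} km from {card['city']}")
    cc, asn = parse_whois_description(card["whois_description"])
    if cc and cc != card["country"]:
        findings.append(f"WHOIS country {cc} != card country {card['country']}")
    if asn and asn != card["asn"]:
        findings.append(f"WHOIS ASN {asn} != card ASN {card['asn']}")
    return findings


if __name__ == "__main__":
    for finding in check_geo_consistency(CARD) or ["geolocation fields agree"]:
        print(finding)
```

For this card the ASN agrees but both the distance check and the country check fire, which is the signal to fall back to the RIR record for the actual assignee rather than the GeoIP fields.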
VirusTotal: Not checked

WHOIS
- description: CC=AG ASN=AS62041 Telegram Messenger Inc
- raw (this is ARIN's record for the parent /8 only; as its own comment says, the organization and contact details are RIPE NCC's, not the current holder's, so query whois.ripe.net for the actual assignee):
NetRange: 95.0.0.0 - 95.255.255.255
CIDR: 95.0.0.0/8
NetName: 95-RIPE
NetHandle: NET-95-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2007-07-30
Updated: 2025-02-10
Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois.
Ref: https://rdap.arin.net/registry/ip/95.0.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
ReferralServer: whois.ripe.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- references (aggregated verbatim from the submitting feeds, annotations included; the list mixes CISA advisories, malware C2 URLs, file hashes and benign vendor endpoints such as apple.com, go.microsoft.com and Fastly, so treat each entry as a lead to verify, not as corroboration of this IP):
- https://www.virustotal.com/graph/g05ef76983adc4b5798451df96d9c5fe235aef1005e0449e194fad97eb7decbc8
- https://labs.inquest.net/iocdb
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
- https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications_0.pdf
- https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf
- http://ww1.tsx.org/_fd
- https://www.milehighmedia.com/legal/2257 (exploit source | revenge porn)
- Target → https://www.pinterest.com/pinkbuffalorun/ (EMOTET) "Full control taken. True board owner (a legitimate business) was likely very unaware Pinterest activities all flowed through the Dark Web. (Research shows over 5000 followers | 1 million visits per month | more than 1 million pins re-pinned)"
- http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel (remote hacking / potentially malicious, RedTeam)
- http://45.159.189.105/bot/online?guid=WALKER-PC&key=b73f03cae5752ff4c823f89de539b59754bc4e65d43970358b17bcf21fb6c4e5 (remote hacking)
- http://clipper.guru/bot/online?guid=WALKER-PC (remote hacking)
- Target → https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (attached to Pinterest account)
- https://firebaseremoteconfig.googleapis.com/v1/projects/16163253122/namespaces/firebase:fetch (remote hacking)
- firebaseremoteconfig.googleapis.com (remote hacking)
- remote.telegrafix.com (remote hacking)
- fb582cc7cfcfa64786caff627cc34ff7aedf7a97620d0cd2eb927d4bb3b7653d
- remote.haverhillcc.com (remote hacking)
- http://ax.itunes.apple.com/WebObjects/MZStoreServices.woa/ws/RSS/toppaidapplications/limit=10/xml
- http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
- http://init-p01st.push.apple.com/bag (remote hacking)
- https://support.apple.com/en-us/HT201265 (targets: iOS ID)
- apple.com (malicious version/header)
- https://www.apple.com/sitemap/
- https://applemusic-spotlight.myunidays.com/US/en-US? (remote hacking)
- init.ess.apple.com (remote hacking)
- applepaydayloans.com
- www.metrobyt-mobile.com ("So very hacked. Should be shut down. No corporate headquarters. Malicious practices by many independent owners")
- https://applepaydayloans.com/
- https://sinister.ly/Thread-Apple-empty-box?page=13
- 7651508989a859a165a3e587268021e3ce3734b3e8711d06a101068c60dfdbbe (Spyware | tsetup.2.4.4.exe | Downloader.Agent!1.E2F1 (CLASSIC) | Telegram Messenger Inc; "WeExtract malicious installation on targets' media and devices")
- https://support.Apple.com/de
- http://www.Apple.com/quicktime/download
- http://www.Apple.com/quicktime/download/standalone.html
- https://urldefense.us/v2/url?u=http-3A__support.apple.com_kb_HT2693&d=DwMGaQ&c=mcnPvAfk3Xtjyky7sc3uA24Vk9hJzQ1fEHisENJPWek&r=PjGDHIUs1kNE6nRUZrOEsufSDp8LBQ-SwHI1wE1Z0Qo&m=zBlvHUR-UT1fW5-53xrUtd5Uj5DBn30a-XGaqZ1lyWh4YCJi5SWOvg3tVORPEuat&s=OJ-NfystLux9f25c44kAAuBLCoTAo6gQJ7EMKHRlrCk&e=&data=05
- https://www.roseoubleu.fr/panier (phishing)
- Roksit.net
- stagelight.pl (malicious / pattern match)
- www.jamesbgriffinlaw.com (malicious host)
- Data Analytics
- Behavior Pattern Match Analysis
- 45.159.189.105 (Command and Control)
- http://45.159.189.105/bot/regex (Bot Command)
- 151.101.0.84 US - United States, Pinterest botnet command and control server - 23.62.46.21
- AS54113 Fastly autonomous system aggregation for Pinterest, United States, botnet command and control server
- DetectItEasy: PE32 Installer: Inno Setup Module (6.0.0) [unicode]; Compiler: Embarcadero Delphi (10.3 Rio) [Professional]; Linker: Turbo Linker (2.25*, Delphi) [GUI32, signed]; Overlay: Inno Setup Installer data
- (unsupported_iexplore exploit/redirect) https://www.pinterest.com/pin/mood--35536284546940000/ (Dark Web Trace)
Export & API: STIX 2.1 Bundle · CSV Export · Permalink
IOC Journey
Medium · First detected 3 years ago · Last seen 2 months ago · Appeared in 9 threat reports
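The page offers a STIX 2.1 bundle export; when a platform's export is unavailable or you need to reshape the card into your own TIP, the same fields map onto a STIX Indicator, its IPv4 observable and a `based-on` relationship. The following is an added example, not this platform's exporter: it turns the card's value, first/last seen dates, confidence and a handful of tags into a spec-shaped STIX 2.1 bundle using only the standard library. The observable id follows the spec's deterministic UUIDv5 scheme (STIX SCO namespace `00abedb4-aa42-466c-9c01-fed23315a9b7`, keyed on the `value` property); the fixed `ID_NAMESPACE` used for the Indicator, Relationship and Bundle ids is an assumption made so the output is reproducible here, where real exporters typically use random UUIDv4 for those objects. The card dictionary is a constructed copy of the page's fields.

```python
import json
import uuid
from datetime import datetime, timezone
from typing import Optional

# Fields copied from the indicator card (constructed input for this example).
CARD = {
    "value": "95.161.76.100",
    "first_seen": "Feb 24, 2023",
    "last_seen": "Mar 31, 2026",
    "confidence": 36,
    "reports": 9,
    "tags": ["proxy", "brute force", "network scanning"],
}

# STIX 2.1 namespace for deterministic SCO ids (from the specification).
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
# Assumed: a fixed namespace so SDO/SRO ids are reproducible in this example;
# production exporters normally use uuid4 for Indicator, Relationship, Bundle.
ID_NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")


def stix_ts(dt: datetime) -> str:
    """Format a UTC datetime in STIX timestamp form (YYYY-MM-DDTHH:MM:SS.mmmZ)."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def card_date(s: str) -> datetime:
    """'Feb 24, 2023' -> aware UTC datetime at midnight."""
    return datetime.strptime(s, "%b %d, %Y").replace(tzinfo=timezone.utc)


def sco_id(obj_type: str, id_props: dict) -> str:
    """Deterministic SCO id: uuid5(SCO namespace, canonical JSON of id props)."""
    canonical = json.dumps(id_props, separators=(",", ":"), sort_keys=True)
    return f"{obj_type}--{uuid.uuid5(STIX_SCO_NAMESPACE, canonical)}"


def sdo_id(obj_type: str, key: str) -> str:
    return f"{obj_type}--{uuid.uuid5(ID_NAMESPACE, f'{obj_type}:{key}')}"


def build_bundle(card: dict, created: Optional[datetime] = None) -> dict:
    """Build a STIX 2.1 bundle: Indicator -based-on-> ipv4-addr observable."""
    created = created or datetime.now(timezone.utc)
    now = stix_ts(created)
    ip_id = sco_id("ipv4-addr", {"value": card["value"]})
    ind_id = sdo_id("indicator", card["value"])
    rel_id = sdo_id("relationship", ind_id + ip_id)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": ind_id,
        "created": now,
        "modified": now,
        "name": f"Reported IPv4 {card['value']}",
        "description": (f"Seen in {card['reports']} feed reports; "
                        f"confidence is the feed's heuristic score."),
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{card['value']}']",
        "pattern_type": "stix",
        "valid_from": stix_ts(card_date(card["first_seen"])),
        "confidence": int(card["confidence"]),  # STIX confidence is 0..100
        "labels": sorted(card["tags"]),
    }
    observable = {"type": "ipv4-addr", "spec_version": "2.1",
                  "id": ip_id, "value": card["value"]}
    relationship = {
        "type": "relationship", "spec_version": "2.1", "id": rel_id,
        "created": now, "modified": now,
        "relationship_type": "based-on",
        "source_ref": ind_id, "target_ref": ip_id,
    }
    # Bundle objects in 2.1 carry spec_version individually; the bundle does not.
    return {"type": "bundle", "id": sdo_id("bundle", card["value"]),
            "objects": [indicator, observable, relationship]}


def to_json(bundle: dict) -> str:
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    print(to_json(build_bundle(CARD)))
```

`valid_from` is set to the card's first-seen date; the last-seen date is deliberately not written into `valid_until`, because a dormant indicator is not the same as an expired one, and expiring it automatically would silently drop it from downstream matching.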