Threat LevelHIGH68/1003 rule types across 2 attack categories
3 incidents on record · 3 rule types · confirmed on global blocklists · seen 15h ago · bulletproof hosting
| PTR | N/A |
| Org / ASN | Techoff SRV Limited |
| Country | 🇳🇱 Netherlands |
| City | Amsterdam, North Holland |
| Timezone | Europe/Amsterdam |
Bulletproof HostingTechoff SRV Limited (AS48090)
Techoff SRV Limited is a shell-company bulletproof hosting provider exposed in Team Cymru's "Jingle Shells" investigation as using a London virtual office shared with over 1,000 co-registered companies to fabricate legitimacy. Its entire autonomous system (AS48090) is listed on Spamhaus ASN-DROP, indicating the network is leased exclusively for criminal purposes. Individual IPs accumulate thousands of independent abuse reports for webshell scans, backup file probes, SSH brute force, and bot floods.
Attack Analysis
IDS: Blocklist — Spamhaus DROP
This IP is on the Spamhaus DROP list — a dataset of netblocks hijacked or leased by professional spam and cybercrime operations with no legitimate users. Traffic from DROP-listed ranges is considered hostile by design. Blocking is unconditional.
IDS: Tor Exit Node
This IP is a known Tor network exit node. Tor anonymizes user traffic by routing it through a series of relays; exit nodes are the final hop where traffic re-enters the public internet. While Tor has legitimate privacy uses, it is heavily abused for anonymous attacks, credential stuffing, and fraud — as the real attacker IP is concealed behind the exit node.
IDS: Blocklist — Dshield
This IP was reported to the DShield community blocklist by multiple independent security sensors worldwide. DShield aggregates firewall logs from thousands of contributors; IPs on this list are confirmed active attackers observed across many networks.
Reports (3)
| Date | Severity | Description |
|---|---|---|
| 4 Jun 2026 - 02:21 | high | IDS: Tor exit node — known anonymization network |
| 4 Jun 2026 - 02:21 | high | IDS: Blocklist — Dshield listed IP |
| 4 Jun 2026 - 02:21 | high | IDS: Blocklist — Spamhaus DROP listed IP |
EagleEye Intelligence