IOC Radar
IPMediumSignal 61/100

199.217.98.108

Location
NetherlandsNetherlands
Dublin, North Holland
ASN
AS399629
BL Networks
First Seen
Jan 19, 2026
Last Seen
Jun 18, 2026
Jan 19
First Seen
154d ago
Jun 18
Last Seen
4d ago
9
Reports
source reports
61%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Network Information

CountryNLNetherlands
RegionDublin, North Holland
ASNAS399629
OrganizationBL Networks

Feed Intelligence Summary

9 reports61% confidence
9
Source reports
61%
Confidence score
Category tags
abuseactive scanactive scanningahost.exe abusealienvault_ransomwareanti-analysisaptapt41bad reputationbotnet activitybrowser disruptionbrowser extensionbrute forcecertchrome extension attackclickfix campaigncms exploitationcode executioncommand & controlcommand and controlcommand executioncrashfix variantcredential accesscredential brute-forcingcredential harvestingcredential stuffingcredential theftdata encryptiondeadlock ransomwaredgadknifeencryptionenterprise targetingeuropeeurope/asiaexploitation activityextortionfake update lurefakecaptcha lurefingerprintingftp brute forcehttp brute forceidentity & access exploitationindicatorinformation technologyinfrastructure acquisitionreconnaissanceinjection activityipv6ipv6 addressipv6240eit infrastructurejavascript injectionkimwolflolbinsmalicious powershell activitymalwaremalware installationmicrosoft defender expertsmodel ratmodeloratmodelorat c2multi-stage malwarenetherlandsnetworknetwork probingnetwork reconnaissancenetwork scanningnode.js backdoornorth americapersistence mechanismphishingphishing attackpotential exploit attemptpython payloadpython ratralordransomwareratrctea botnetreconnaissanceregularremote accessremote access trojanresearchedscams & fraudscripting attacksservice scansicarii ransomwaresocial engineeringsoftware developmentsoftware exploitationssh attacksystem disruptiont1003t1016t1021t1027t1033t1036.004t1046t1049t1053.005t1057t1059t1059.001t1059.005t1059.006t1071t1071.001t1078t1082t1086t1105t1110t1110.002t1120t1140t1189t1195t1195.001t1199t1203t1204t1204.002t1486t1490t1518.001t1547t1547.001t1566t1566.001t1566.002t1566.003t1587.001t1588.002t1590.001t1595t1595.001t1595.002t1595.003thelandupdate808threat actortmobiletooltor nodetraffic redirectionturkeyunited statesuser deceptionvoidlinweb application attackyanbyarayara rule match

Activity Timeline

1 total obs
Jun 18Jun 18

Threat Activity Heatmap

· Peak: 2026-06-18
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
61
SIGNAL
Signal Score
61%
Confidence
9
Reports
First seenJan 19, 2026
Last seenJun 18, 2026
GeolocationNL
CountryNetherlands
LocationDublin, North Holland
ASNAS399629
OrgBL Networks
Coords52.3676, 4.9041

VirusTotal

Not checked

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 months ago · Last seen 4 days ago
Appeared in 9 threat reports