IOC Radar
IP · Medium · Signal 30/100

80.239.178.98

Location: Switzerland · Rümlang, Ile-de-France
ASN: AS1299 · Nordic Internet Service AB
First Seen: Jan 12, 2025 (517d ago)
Last Seen: May 25, 2026 (19d ago)
Reports: 9 source reports
Confidence: 30% (medium)
VirusTotal: 1/91 detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

37 techniques

Network Information

Country: CH (Switzerland)
Region: Rümlang, Ile-de-France
ASN: AS1299
Organization: Nordic Internet Service AB

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 9
Confidence score: 30%
Category tags
active scan, active scanning, attack, attack origin, australia, authentication, authentication attack, automated attack, botnet, botnet activity, brute force, brute force attack, brute force attempt, ch, cisco attack, cisco device, cisco device targeting, cisco exploitation attempts, command and control, communication protocol, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, database attack, ddos, decoy system, denial of service, device management, dionaea capture, dionaea honeypot, distributed attacks, enterprise networking, europe, exploitation activity, exploited host, fr, france, ftp brute force, hacking, heralding behavior, honeytrap honeypot, identity & access exploitation, information technology, injection activity, it infrastructure, lamp, lamp attack, lamp exploitation attempts, lamp stack targeting, mailoney honeypot, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, network, network infrastructure, network intrusion, network protocol, network scanning, network security, oceania, password attack, password attacks, phishing, phishing attack, phishing trap, process injection, proxy, reconnaissance, researched, resource hijacking, scanner, scripting attacks, sentrypeer botnet, sentrypeer detection, sftp activity, sftp attack, sip brute force, sip scanning, social engineering, software development, spam, sql injection, ssh attack, ssh monitoring, sweden, t1021, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.007, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, threat actor, threat detection, threat intelligence, tor node, tpotce, unauthorized access, unauthorized access attempt, voip, voip attack, vpn, web app attack, web application attack, web attack, web exploitation

Activity Timeline

1 total obs · May 25

Threat Activity Heatmap

Peak: 2026-05-25
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 30
Confidence: 30%
Reports: 9
First seen: Jan 12, 2025
Last seen: May 25, 2026
Geolocation: CH
Country: Switzerland
Location: Rümlang, Ile-de-France
ASN: AS1299
Org: Nordic Internet Service AB
Coords: 59.3274, 18.0653
Proxy: VPN

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 80.239.178.96 - 80.239.178.127
netname: CH-PVDATANET
descr: Privat Kommunikation Sverige AB
country: CH
org: ORG-NISA20-RIPE
admin-c: PN5208-RIPE
tech-c: PN5208-RIPE
status: ASSIGNED PA
mnt-by: se-twelve99-1-MNT
created: 2024-06-11T13:04:53Z
last-modified: 2024-06-11T13:04:53Z
source: RIPE

organisation: ORG-NISA20-RIPE
org-name: Nordic Internet Service AB
org-type: other
descr: LIR
address: Grevgatan 13
address: 114 53 Stockholm
address: SE
phone: +46708622130
admin-c: MM51507-RIPE
tech-c: MM51507-RIPE
mnt-ref: se-twelve99-1-MNT
mnt-by: se-twelve99-1-MNT
created: 2019-09-16T12:21:01Z
last-modified: 2023-01-22T13:15:54Z
source: RIPE # Filtered

role: PVDataNet NOC
address: Bygdevägen 5
abuse-mailbox: [email protected]
nic-hdl: PN5208-RIPE
mnt-by: MNT-PVDATANET
created: 2020-09-24T09:48:55Z
last-modified: 2020-11-05T19:11:28Z
source: RIPE # Filtered

route: 80.239.160.0/19
descr: Arelion, Twelve99, f/k/a Telia Carrier
remarks: Abuse issues should be reported
remarks: to [email protected]
origin: AS1299
mnt-by: Twelve99-IRR-MNT
created: 2002-09-13T09:06:25Z
last-modified: 2023-01-30T10:57:38Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 19 days ago
Appeared in 9 threat reports