IOC Radar
IPMediumSignal 63/100

80.28.130.247

Location
SpainSpain
Ciudad Lineal, Canarias
ASN
AS3352
TDENET (Red de servicios IP)
First Seen
Jan 18, 2025
Last Seen
Apr 18, 2026
Jan 18
First Seen
511d ago
Apr 18
Last Seen
57d ago
8
Reports
source reports
63%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

9 techniques

Network Information

CountryESSpain
RegionCiudad Lineal, Canarias
ASNAS3352
OrganizationTDENET (Red de servicios IP)

Feed Intelligence Summary

8 reports63% confidence
8
Source reports
63%
Confidence score
Category tags
aaaaactive scanaheadatif feedbanlist feedbinary defensebotnet activitybrute forcecredential harvestingcredential stuffingdns attackdoctype htmleliteeseuropeglobalgooglebotgooglebot indexhrefhttpsidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceipv6 spflayer protocolmanualmetamitre attackmotherlessnetworknetwork infonextoverview zenboxperforms dnsphishingphishing attackprocesses extraransomwareresearchedrta descriptionscriptsocial engineeringspaint1055t1055 processt1071t1095t1566.001t1566.002t1566.003t1573t1587.001t1590.001titletrackertxt vdmarc1verdictz233

Activity Timeline

1 total obs
Apr 18Apr 18

Threat Activity Heatmap

· Peak: 2026-04-18
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This IP address, 80.28.130.247, represents a critical indicator of compromise with significant implications for organizational security. Its direct association with the 'el dorado' ransomware group elevates it beyond a mere technical data point, signaling a severe and imminent threat. The presence of this IOC within an organization's network could indicate active command and control (C2) communications, reconnaissance activities, or the preparatory stages for a ransomware deployment. A successfu…

Threat ScoreMedium Risk
63
SIGNAL
Signal Score
63%
Confidence
8
Reports
First seenJan 18, 2025
Last seenApr 18, 2026
GeolocationES
CountrySpain
LocationCiudad Lineal, Canarias
ASNAS3352
OrgTDENET (Red de servicios IP)
Coords37.3831, -5.9707

VirusTotal

Not checked

WHOIS

description
The full text of the RMA-tde.net report has been published, and the results are expected to be published in the next few days, as well as the full set of words.
raw
inetnum: 80.28.128.0 - 80.28.255.255 netname: RIMA descr: Red de servicios IP country: ES admin-c: ATDE1-RIPE tech-c: TTDE1-RIPE remarks: NCC#2002121103 status: ASSIGNED PA mnt-by: MAINT-AS3352 created: 2002-12-20T10:17:37Z last-modified: 2022-08-31T07:37:17Z source: RIPE # Filtered role: Administradores Telefonica de Espana address: Ronda de la Comunicacion s/n address: Edificio Norte 1, planta 6 address: 28050 Madrid address: SPAIN org: ORG-TDE1-RIPE admin-c: KIX1-RIPE tech-c: TTDE1-RIPE nic-hdl: ATDE1-RIPE mnt-by: MAINT-AS3352 abuse-mailbox: [email protected] created: 2006-01-18T12:24:41Z last-modified: 2018-09-18T10:36:42Z source: RIPE # Filtered role: Tecnicos Telefonica de Espana address: Ronda de la Comunicacion S/N address: 28050-MADRID address: SPAIN org: ORG-TDE1-RIPE admin-c: TTE2-RIPE tech-c: TTE2-RIPE nic-hdl: TTdE1-RIPE mnt-by: MAINT-AS3352 abuse-mailbox: [email protected] created: 2006-01-18T12:39:59Z last-modified: 2018-09-18T12:08:51Z source: RIPE # Filtered route: 80.28.0.0/16 descr: TDENET (Red de servicios IP) origin: AS3352 mnt-by: MAINT-AS3352 mnt-routes: MAINT-AS3352 mnt-lower: MAINT-AS3352 created: 2011-03-10T10:42:07Z last-modified: 2011-03-10T10:42:07Z source: RIPE
references
https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480788&Signature=GKnoamXxZLyFfntMDXBWi2gnSzHRWJJRZPaofPOvzgQF6ygdQKEJpX4eJ2AASUeDQ3L4AO7Os%2FgNOl0CeG5%2FN9aVgljvd3WBiA8ZTwba5tFflRJKWcwOA5l4osDG6BDtNNiE8hqlOPhwMa4lIHfx8LNSu8B%2Fbm0n7Y28iDLdwSs9GCpFCVriebOwI1VNCU3BxzR0lKHa1DH6ijmLa6nxX4TOwNTZ47Os2KLel2k0E0K7sedhXKjWD1rz, https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480900&Signature=juTMRwWs%2FTJqrDMvBJfYmPzSfXx4a%2F31AjChMKGg%2FigOb2ayCytmhgn%2FfGStvobwbbyL9t1dHYxFX0QZz%2F4zM3vebhPQPBm0BElUabRpjfY6q01wMlTu3q5T5uw1sSchvwR7n0H4t%2FnoMPiFRXns84ZWvQeTTNJYKtg5P29B6CE%2BbXfGQ%2FTKhS9ZR8bI09EyLS2y3Ob3boKLMZ4MNvq6nLIHO2373XOpgfJhsBQej6xZ8%2BlIe0T4, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports