IOC Radar
IP · Medium · Signal 100/100

80.64.30.237

Location: Ostratu, Ilfov, Romania
ASN: AS44559 (IT Hostline Ltd)
First Seen: Feb 21, 2025 (477d ago)
Last Seen: Mar 15, 2026 (90d ago)
Reports: 9 source reports
Confidence: 99% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: RO (Romania)
Region: Ostratu, Ilfov
ASN: AS44559
Organization: IT Hostline Ltd

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 9
Confidence score: 99%
Category tags
abuse, access, active scanning, attack, banking, botnet, brute force, brute force attack, brute_force, cert, code execution, command and control, command execution, compromise system, config, configuration exploit, cowrie, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential_access, credit card services, data compromise, data encrypt, data encryption, data exfiltration, decoy system, defense evasion, denial of service, distributed attacks, email, europe, europe/asia, exploit, exploit public-facing application, extortion, finance, finance and insurance, financial services, financial technology, fortios, ftp, ftp brute force, github, groups, honeytrap honeypot, https, impact, information technology, initial access, ioc, iocs, it infrastructure, lamp, lateral movement, lockbit, mailoney activity, mailoney honeypot, malicious activity, malicious payload, malicious software, malware, monitor, network, network enumeration, network intrusion, network probing, network scanning, network security, network_reconnaissance, north america, password attacks, password spraying, patch, payment processing, phishing, phishing attack, phishing trap, potential malicious activity, privilege escalation, process injection, protocol exploitation, proxy, python, ransom demand, ransomware, reconnaissance, remote access, remote services, researched, romania, ru, russia, russian federation, scanner, scanning activity, script, sensayq, service enumeration, sftp, sftp attack, slug, smtp brute force, social engineering, software development, software exploitation, ssh, ssh attack, ssh monitoring, surface web, system disruption, t1003, t1003.001, t1021, t1021.001, t1021.004, t1027, t1040, t1041, t1053, t1053.005, t1055, t1059, t1059.001, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1078, t1078.002, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1213, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1547.001, t1555, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, telecommunications, telnet threat, threat actor, threat detection, trigger, turkey, unauthenticated access, unauthorized access attempts, unidentified attacker, united states, vpn, vpn brute, vpn brute force, vulnerability, wealth management, web application attack, web exploitation, web scanner

Activity Timeline

1 total obs · Mar 15

Threat Activity Heatmap

Peak: 2026-03-15
[Heatmap: activity by day of week, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 9
First seen: Feb 21, 2025
Last seen: Mar 15, 2026
Geolocation: RO
Country: Romania
Location: Ostratu, Ilfov
ASN: AS44559
Org: IT Hostline Ltd
Coords: 44.6024, 26.0163
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Unknown source type: h0neytr4p
raw
inetnum: 80.64.30.0 - 80.64.30.255
netname: RU-TILDA-20240222
country: RU
org: ORG-TL903-RIPE
admin-c: TL6994-RIPE
tech-c: TL6994-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2024-02-22T09:18:08Z
last-modified: 2025-04-03T18:41:18Z
source: RIPE

organisation: ORG-TL903-RIPE
org-name: Tilda LLC
address: ul. Mihalkovskaya, d. 63B, str. 4, pom. 1/4
address: 125438 Moscow
address: Russia
abuse-c: TL6994-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
org-type: OTHER
created: 2024-05-20T18:18:30Z
last-modified: 2024-05-20T18:19:09Z
source: RIPE # Filtered

role: Tilda LLC
address: ul. Mihalkovskaya, d. 63B, str. 4, pom. 1/4
address: 125438 Moscow
address: Russia
abuse-mailbox: [email protected]
nic-hdl: TL6994-RIPE
mnt-by: IP-RIPE
created: 2024-05-20T18:18:31Z
last-modified: 2024-05-20T18:18:31Z
source: RIPE # Filtered

route: 80.64.30.0/24
origin: AS57523
mnt-by: IP-RIPE
created: 2025-04-17T19:18:22Z
last-modified: 2025-04-17T19:18:22Z
source: RIPE

route: 80.64.30.0/24
origin: AS59425
mnt-by: IP-RIPE
created: 2024-02-22T09:18:12Z
last-modified: 2024-02-22T09:18:12Z
source: RIPE
references
https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 9 threat reports