IOC Radar
IP · Medium · Signal 65/100

80.82.65.127

Location: Amsterdam, NH, Netherlands
ASN: AS202425 (IP Volume inc)
First Seen: Apr 9, 2025 (430d ago)
Last Seen: May 7, 2026 (36d ago)
Reports: 18 source reports
Confidence: 65% (medium)
VirusTotal: 8/91 detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, NH
ASN: AS202425
Organization: IP Volume inc

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 18
Confidence score: 65%
Category tags

Activity Timeline

1 total obs (May 7 to May 7)

Threat Activity Heatmap

Peak: 2026-05-07
[Heatmap: activity by weekday (Mon, Wed, Fri) and month (Jun through Jun); legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address `80.82.65.127`, represents a significant and persistent threat due to its high score and widespread reporting across numerous reputable threat intelligence sources. Its malicious nature is underscored by its association with a broad spectrum of hostile network activities, including brute-force attacks, port scanning, and potential command-and-control operations. Organizations failing to address this IOC risk severe consequences, such as unautho…

Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 18
First seen: Apr 9, 2025
Last seen: May 7, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, NH
ASN: AS202425
Org: IP Volume inc
Coords: 52.3716, 4.8883
Proxy: VPN

VirusTotal

8/91 vendors flagged
9% detection rate · Jun 3, 2026

WHOIS

description
CC=NL ASN=AS202425 ip volume inc
raw
inetnum: 80.82.65.0 - 80.82.65.255
netname: NET-1-65
descr: IPV NETBLOCK
country: NL
geoloc: 52.370216 4.895168
org: ORG-IVI1-RIPE
admin-c: IVI24-RIPE
tech-c: IVI24-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2010-09-30T19:51:08Z
last-modified: 2019-02-01T18:25:33Z
source: RIPE

organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
country: SC
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2023-09-08T14:13:20Z
source: RIPE # Filtered

role: IPV
address: BZ
nic-hdl: IVI24-RIPE
mnt-by: IPV
created: 2018-05-16T13:28:41Z
last-modified: 2023-09-08T14:14:36Z
source: RIPE # Filtered

route: 80.82.65.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail [email protected]
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-01T14:49:03Z
last-modified: 2019-02-01T14:49:03Z
source: RIPE
references
https://isc.sans.edu/diary/rss/31952, https://www.intrinsec.com/wp-content/uploads/2025/08/TLP-CLEAR-20250828-VAIZ-FDN3-TK-NET-EN.pdf, 2025-05-02-SSL-VPN-malicious-login-attempts.csv, 2025-05-01-SSL-VPN-malicious-login-attempts.csv, 2025-04-30-SSL-VPN-malicious-login-attempts.csv, 2025-04-25-SSL-VPN-malicious-login-attempts.csv, 2025-04-24-SSL-VPN-malicious-login-attempts.csv, 2025-04-23-SSL-VPN-malicious-login-attempts.csv, 2025-04-22-SSL-VPN-malicious-login-attempts.csv, 2025-04-18-SSL-VPN-malicious-login-attempts.csv, 2025-04-17-SSL-VPN-malicious-login-attempts.csv, 2025-04-16-SSL-VPN-malicious-login-attempts.csv, 2025-04-14-SSL-VPN-malicious-login-attempts.csv, 2025-04-11-SSL-VPN-malicious-login-attempts.csv, 2025-04-10-SSL-VPN-malicious-login-attempts.csv, 2025-04-09-SSL-VPN-malicious-login-attempts.csv, 2025-04-08-SSL-VPN-malicious-login-attempts.csv


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 18 threat reports