IOC Radar
IP · Medium · Signal 76/100

80.82.70.133

Location: Amsterdam, North Holland, Netherlands
ASN: AS202425 (IP Volume inc)
First Seen: Jan 17, 2021 (1984d ago)
Last Seen: Jun 2, 2026 (21d ago)
Reports: 43 source reports
Confidence: 76% (medium)
Found in 43 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 76%
Signal Score: 76 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

142 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS202425
Organization: IP Volume inc

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 43
Confidence score: 76%
Category tags

Activity Timeline

1 total obs (Jun 2 to Jun 2)

Threat Activity Heatmap

Peak: 2026-06-02
[Heatmap figure: activity by weekday (Mon, Wed, Fri) across the months Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), the IPv4 address `80.82.70.133`, represents a significant threat to organizational security, warranting immediate attention. Identified with a high threat score of 76.05 and explicitly not whitelisted, this IP address is strongly associated with malicious activity. It is linked to a variety of Linux-based malware families, including Trojans and cryptocurrency miners, indicating its use in widespread attacks for system compromise and resource hijacking. The pot…

Threat Score: High Risk
Signal Score: 76
Confidence: 76%
Reports: 43
First seen: Jan 17, 2021
Last seen: Jun 2, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202425
Org: IP Volume inc
Coords: -4.7046, 55.5242
Proxy: VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw:
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-AFRINIC
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-HM-MNT
mnt-lower: AFRINIC-HM-MNT
source: AFRINIC # Filtered
parent: 0.0.0.0 - 255.255.255.255

organisation: ORG-IANA1-AFRINIC
org-name: Internet Assigned Numbers Authority
org-type: IANA
country: EU # Country is really worldwide
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-by: AFRINIC-HM-MNT
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: TEAM-AFRINIC
tech-c: TEAM-AFRINIC
nic-hdl: IANA1-AFRINIC
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-DB-MNT
source: AFRINIC # Filtered

references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 5 years ago · Last seen 21 days ago
Appeared in 43 threat reports