IP · Medium · Signal 80/100
80.82.77.139
Location
Amsterdam, NH
ASN
AS202425
IP Volume inc
First Seen
Jun 5, 2020
Last Seen
Jun 6, 2026
Found in 59 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region: Amsterdam, NH
ASN: AS202425
Organization: IP Volume inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
59 reports · 80% confidence
59
Source reports
80%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap (peak: 2026-06-06)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 59
First seen: Jun 5, 2020
Last seen: Jun 6, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, NH
ASN: AS202425
Org: IP Volume inc
Coords: 52.3716, 4.8883
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- inetnum: 80.82.77.0 - 80.82.77.255
  netname: NET-1-77
  descr: IPV NETBLOCK
  country: NL
  geoloc: 52.370216 4.895168
  org: ORG-IVI1-RIPE
  admin-c: IVI24-RIPE
  tech-c: IVI24-RIPE
  status: ASSIGNED PA
  mnt-by: IPV
  mnt-lower: IPV
  mnt-routes: IPV
  created: 2013-04-26T10:57:52Z
  last-modified: 2019-02-01T18:30:06Z
  source: RIPE
  organisation: ORG-IVI1-RIPE
  org-name: IP Volume inc
  country: SC
  org-type: OTHER
  address: Seychelles
  abuse-c: IVNO1-RIPE
  mnt-ref: IPV
  mnt-by: IPV
  created: 2018-05-14T11:46:50Z
  last-modified: 2023-09-08T14:13:20Z
  source: RIPE # Filtered
  role: IPV
  address: BZ
  nic-hdl: IVI24-RIPE
  mnt-by: IPV
  created: 2018-05-16T13:28:41Z
  last-modified: 2023-09-08T14:14:36Z
  source: RIPE # Filtered
  route: 80.82.77.0/24
  origin: AS202425
  remarks: +-----------------------------------------------
  remarks: | For abuse e-mail [email protected]
  remarks: | We do not always reply to abuse.
  remarks: | But we do take care your report is dealt with!
  remarks: +-----------------------------------------------
  mnt-by: IPV
  created: 2019-02-01T18:35:24Z
  last-modified: 2019-02-01T18:35:24Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt
IOC Journey
medium · First detected 6 years ago · Last seen 9 days ago
Appeared in 59 threat reports