IOC Radar
IP · Medium · Signal 100/100

109.160.123.6

Location: Bulgaria (Sofia, Sofia-Capital)
ASN: AS44313 (Addresses of Set Services)
First Seen: Jan 16, 2025 (510d ago)
Last Seen: Oct 22, 2025 (232d ago)
Reports: 14 source reports
Confidence: 99% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

27 techniques

Network Information

Country: BG (Bulgaria)
Region: Sofia, Sofia-Capital
ASN: AS44313
Organization: Addresses of Set Services

Feed Intelligence Summary

14 source reports · 99% confidence score
Category tags: abuse, account discovery, account profiling, account takeover, active scanning, atif feed, authentication attack, banlist feed, bg, binary defense, botnet, brute force, brute force attack, brute force attempt, bulgaria, civil services, command and control, compromised credentials, credential access, credential harvesting, credential stuffing, data exfiltration, distributed attacks, europe, external ip, failed login, government technology, imap, imap attack, indicator, infrastructure acquisitionreconnaissance, intrusion detection, known malicious actor, local government, local government target, login attack, login attempt, malicious software, malware, manual, network, network security, password attacks, phishing attack, process injection, public administration, public infrastructure, public policy, reconnaissance, regulatory agencies, researched, scanner, social engineering, ssh attack, t1040, t1055, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1567, t1587.001, t1590.001, t1592.004, t1595.001, t1595.002, t1595.003, threat intelligence, unauthorized access, united kingdom

Activity Timeline

1 total obs (Oct 22 to Oct 22)

Threat Activity Heatmap

Peak: 2025-10-22
[Heatmap: activity by weekday, Jun through the following Jun; legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 14
First seen: Jan 16, 2025
Last seen: Oct 22, 2025
Geolocation: BG
Country: Bulgaria
Location: Sofia, Sofia-Capital
ASN: AS44313
Org: Addresses of Set Services
Coords: 42.6960, 23.3320

VirusTotal

Not checked

WHOIS

inetnum: 109.160.122.0 - 109.160.123.255
netname: SETSERVICE09_GCN
descr: Addresses of Set Services Elin Pelin
country: BG
admin-c: MJ2269-RIPE
tech-c: MJ2269-RIPE
status: ASSIGNED PA
mnt-by: LIR-GCN-MNT
created: 2023-01-23T08:42:55Z
last-modified: 2024-11-19T10:08:30Z
source: RIPE

person: Mihail Jordanov
mnt-by: GCN-LIR-MNT
address: Elin Pelin, Bulgaria
phone: +359 2
nic-hdl: MJ2269-RIPE
created: 2005-07-27T11:38:14Z
last-modified: 2015-05-12T07:02:31Z
source: RIPE # Filtered

route: 109.160.122.0/23
descr: Set Services Elin Pelin
origin: AS44313
remarks:
mnt-by: LIR-GCN-MNT
created: 2023-01-23T09:09:55Z
last-modified: 2024-11-19T10:06:20Z
source: RIPE
References:
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Sign in from malicious ip blocked-2025-02-17 17_19_32.861.csv
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 7 months ago
Appeared in 14 threat reports