IPMediumSignal 45/100
213.183.63.41
Location
BulgariaSofia, Sofia-Capital
ASN
AS56630
Melbikomas UAB
First Seen
Aug 6, 2025
Last Seen
Jun 7, 2026
Aug 6
First Seen
311d ago
Jun 7
Last Seen
6d ago
9
Reports
source reports
45%
Confidence
medium
12/91
VirusTotal
detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryBulgaria
BulgariaRegionSofia, Sofia-Capital
ASNAS56630
OrganizationMelbikomas UAB
Feed Intelligence Summary
9 reports45% confidence
9
Source reports
45%
Confidence score
Category tags
abuseaccess clientactive scanamadeyanalystanydeskapisasnsasyncratauto-colorbackdoorbad reputationblueskybrute forcebrute_forcebulgariabypasscertchaoscisa kevcobalt strikecommand and controlcommand executioncommand injectioncredential accesscredential harvestingcredential stuffingcredential_accesscyberdarktracedata encryptiondata exfiltrationdata store exposuredeserializationdeserialization attackdesktopdragonforcedriverencryptioneuropeeurope/asiaexploitexploit availableexploitation activityextortionfindfirstfortraftpgh0st ratghostsocksgoanywhere mfthostname enumerationidentity & access exploitationin the wildinformation gatheringinformation technologyinfostealerinfrastructure acquisitionreconnaissanceinitial accessinjection activityiocs filenameiocs medusait infrastructurelateral movementlicense bypasslinuxlooklumma stealerlynxmalicious powershell activitymalicious softwaremalwaremedusamedusa ransomwaremonitoringmsp compromisemspsnetworknetwork iocsnetwork scanningnetwork securitynetwork_reconnaissanceoptitune rmmorcaphishingphishing attackpossible ransomwarepost-exploitationpowershell executionprocess injectionprotocol exploitationproxypsexecpublic facing applicationqilinraasransomransomhubransomwareraspberry robinratsrclonereconnaissanceremote accessremote code executionremote servicesresearchedreverse shellrmm exploitationrmm softwarescripting attackssecurity operationsself-signedservicesocial engineeringsoftware developmentsoftware exploitation attemptsoftware vulnerabilitysoftware vulnerability exploitationssh attackssh connectionstealcstorm-1175supply chain attacksystemsystem disruptionsystem32 foldert1001t1003t1005t1016t1018t1021t1021.001t1021.002t1027t1036t1040t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1068t1070.004t1071t1071.001t1076t1078t1078.003t1086t1102t1105t1110t1110.002t1113t1133t1189t1190t1199t1202t1204t1204.002t1210t1486t1490t1505t1530t1543t1546t1547t1555t1563t1565t1566t1566.001t1566.002t1566.003t1569.002t1571t1587.001t1588t1589.001t1590.001t1592t1595talostalos irtelnet threattheythreat actorthreat intelligencetop storytor nodettpsturkeytwitteruab medusavulnerabilityvulnerability scanweb application attackwebshell deploymentxcssetzensec
Activity Timeline
Jun 7Jun 7
Threat Activity Heatmap
· Peak: 2026-06-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
9
Reports
First seenAug 6, 2025
Last seenJun 7, 2026
GeolocationBG
CountryBulgaria
LocationSofia, Sofia-Capital
ASNAS56630
OrgMelbikomas UAB
Coords42.6826, 23.3223
WHOIS
- description
- CC=BG ASN=AS56630 melbikomas uab
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 10 months ago · Last seen 6 days ago
Appeared in 9 threat reports