IOC Radar
IP · Medium · Signal 100/100

5.188.206.62

Location: Bulgaria (Golden, Colorado)
ASN: AS200391, Technology Advanced Investment Limited
First Seen: Sep 22, 2020 (2099 days ago)
Last Seen: Aug 5, 2025 (321 days ago)
Reports: 20 source reports
Confidence: 99% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 34 techniques

Network Information

Country: BG (Bulgaria)
Region: Golden, Colorado
ASN: AS200391
Organization: Technology Advanced Investment Limited

Feed Intelligence Summary

Source reports: 20
Confidence score: 99%

Category tags: access control, active scanning, address state, assured, attack, auto-generated security, banking, botnet, brute force, brute force attack, bulgaria, close, command and control, command injection, communication protocol, cowrie activity, cowrie honeypot, credential access, credential stuffing, credit card services, data exfiltration, database security, ddos attacks, decoy system, denial of service, dionaea activity, dionaea honeypot, directory traversal, distributed attacks, dpt44770 len24, dpt48827 len24, dpt56959 len24, drop in, eth4, europe, finance, financial services, financial technology, ftp brute force, http scanner, indicator, information technology, injection attacks, input validation, internet of things, intrusion detection, iot botnet, iot/ics attack, it infrastructure, len40 tos0x00, len44 tos0x00, load balancer, load balancer bypass, malicious activity, malicious software, malware, malware behaviour, malware capture, mirai botnet, network, network attacks, network intrusion, network probing, network scanning, network security, out maca85e45, owasp top 10, parameter injection, password attacks, payment processing, prec0x00 ttl243, prec0x00 ttl51, process injection, proto nated, reconnaissance, researched, resource hijacking, scan, scanner, scanning activity, security policy, sentrypeer activity, sentrypeer botnet, sftp attack, sip brute force, software development, ssh attack, ssh monitoring, status code 400, syn urgp0, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1068, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, t1608, tanner, tcp protocol, telecommunications, threat actor, threat intelligence, threat prevention, tor, tpot, tsec, unauthorized access attempt, unauthorized access attempts, voip, voip attack, waf, waf evasion attempts, wealth management, web application attack, web application probing, web exploitation, web scanner, web traffic, xss

Activity Timeline

1 total observation (Aug 5)

Threat Activity Heatmap (calendar view, Jun through the following Jun) · Peak: 2025-08-05
Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 20
First seen: Sep 22, 2020
Last seen: Aug 5, 2025
Geolocation: BG
Country: Bulgaria
Location: Golden, Colorado
ASN: AS200391
Org: Technology Advanced Investment Limited
Coords: 39.7858, -105.1810

VirusTotal: Not checked

WHOIS

Description: Web scanners whose requests resulted in HTTP status code 400 due to WAF rules or LB parsing issues

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 10 months ago
Appeared in 20 threat reports