IOC Radar
IPMediumSignal 37/100

77.221.4.83

Location
Bosnia and HerzegovinaBosnia and Herzegovina
Sarajevo, BIH
ASN
AS42560
TELEMACH BH
First Seen
Dec 19, 2024
Last Seen
Apr 5, 2026
Dec 19
First Seen
541d ago
Apr 5
Last Seen
68d ago
17
Reports
source reports
37%
Confidence
medium
4/91
VirusTotal
detections
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Network Information

CountryBABosnia and Herzegovina
RegionSarajevo, BIH
ASNAS42560
OrganizationTELEMACH BH

Feed Intelligence Summary

17 reports37% confidence
17
Source reports
37%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningatif feedattackaustraliaauthenticationauthentication attackauthentication attacksauthentication attemptsauto-generated securityautomated attackbabad reputationbanlist feedbinary defensebosnia and herzegovinabotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-forccisco devicecommand and controlcompromise attemptcowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredecoy systemdevice managementdistributed attacksenterprise networkingeuropeexploitation activityexternal attackfail2ban alertfail2ban triggeredftp brute forceidentity & access exploitationindicatorinfoinfrastructure acquisitionreconnaissanceinjection activityinvalid login attemptslogin attemptmalicious activitymalicious softwaremalwaremanualmultiple failed loginsnetworknetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion detectionnetwork scanningnoticeoceaniapassword attackpassword attacksphishingphishing attackprocess injectionreconnaissanceremote accessresearchedscannersecurity logssecurity operationssftp attacksocial engineeringssh attackssh monitoringt1021t1021.004t1041t1055t1059t1059.004t1071.001t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1587.001t1588t1588.002t1590.001t1595t1595.001t1595.002t1595.003threat actorthreat intelligencetor nodeunauthorized access attemptunited kingdom

Activity Timeline

1 total obs
Apr 5Apr 5

Threat Activity Heatmap

· Peak: 2026-04-05
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
37
SIGNAL
Signal Score
37%
Confidence
17
Reports
First seenDec 19, 2024
Last seenApr 5, 2026
GeolocationBA
CountryBosnia and Herzegovina
LocationSarajevo, BIH
ASNAS42560
OrgTELEMACH BH
Coords44.2052, 17.9089

VirusTotal

4/ 91vendors flagged
4% detection rateJun 8, 2026

WHOIS

description
Banned by Fail2Ban [sshd]
raw
inetnum: 77.221.4.0 - 77.221.5.255 netname: MONET-NET descr: Monet CIP d.o.o. country: BA admin-c: TMCH-RIPE tech-c: TMCH-RIPE status: ASSIGNED PA mnt-by: BA-TELEMACH created: 2008-02-12T17:10:52Z last-modified: 2011-12-16T11:39:14Z source: RIPE # Filtered role: TELEMACH BH - IP OPERATIONS DEPARTMENT address: Dzemala Bijedica 216 address: 71000 Sarajevo mnt-by: MNT-TELEMACH abuse-mailbox: [email protected] admin-c: DS7777-RIPE tech-c: DS7777-RIPE tech-c: SS19136-RIPE tech-c: JK7384-RIPE nic-hdl: TMCH-RIPE created: 2011-02-08T10:16:03Z last-modified: 2012-09-01T16:33:44Z source: RIPE # Filtered route: 77.221.0.0/19 descr: TELEMACH BH origin: AS42560 mnt-by: BA-TELEMACH created: 2011-07-29T17:12:05Z last-modified: 2011-07-29T17:12:05Z source: RIPE # Filtered
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports