IP · Medium · Signal 22/100
78.128.114.42
Location
Karlovo, Plovdiv
ASN
AS50360
Tamatiya EOOD
First Seen
Mar 13, 2024
Last Seen
Jun 2, 2026
Found in 13 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
22%
Signal Score
22 / 100
IDS Rule
No
Network Information
Country
Bulgaria
Region: Karlovo, Plovdiv
ASN: AS50360
Organization: Tamatiya EOOD
IP Category: VPN (VPN exit node). A VPN exit node is shared by many unrelated clients, so activity seen from this address cannot be attributed to a single operator, and blocking it affects every user of that service.
Feed Intelligence Summary
13 source reports · 22% confidence score
Category tags (aggregated across the source reports; honeypot names such as adbhoney, conpot, cowrie, dionaea, honeytrap, redis, sentrypeer, tanner and T-Pot identify the sensors that reported the address, and geographic tags such as australia, north america, oceania and united states presumably reflect where those sensors sit, since the address itself is registered in Bulgaria):
abuse, active scan, active scanning, adbhoney honeypot, agent, alert, api services, apt, attack, attacker-ip, australia, automated attack, automated attacks, automated_attacks, bad reputation, bad web bot, bg, botnet, botnet activity, botnet infection, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, brute_force, bruteforce, bulgaria, c2 communication, cins active, cisco, cisco asa, cisco asa attack, cisco asa targeted, cisco asa targeting, cisco device, cisco device targeted, cisco exploit, cisco exploitation, cisco_devices, command & control, communication protocol, compromised credentials, conpot, conpot honeypot, content delivery, cowrie, cowrie activity, cowrie honeypot, cowrie logs, cowrie ssh attacks, credential access, credential guessing, credential stuffing, credential theft, credential_access_attempts, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, decoy system, denial of service, device management, dionaea, dionaea honeypot, dshield block, encryption, enterprise networking, enumeration, et drop, europe, exploit, exploitation, exploitation activity, exploitation attempts, exploited host, ftp, ftp brute force, ftp brute-force, ftp protocol, hacking, honeytrap honeypot, http brute force, http scanner, https, icmp, ics security, identity & access exploitation, inbound scan, indicator, industrial control systems, information technology, initial access attempts, internet wide scan, internet-facing service, intrusion detection, iot security, iot targeted, iot/ics attack, ipv4, it infrastructure, lamp, lamp exploitation, lamp exploitation attempt, lamp server attacks, lamp stack, lamp stack exploitation, lamp stack targeting, lateral movement, lcia, linux, linux_servers, listed source, malicious activity, malicious traffic, malware, malware activity, malware behaviour, malware capture, network, network attacks, network device, network device attacks, network devices, network discovery, network infrastructure, network intrusion attempt, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network security monitoring, network services, north america, oceania, opencti, password attack, password attacks, password cracking, perimeter devices, phishing, ping, ping of death, poor reputation, port, possible credential stuffing, possible malware distribution, possible vulnerability exploitation, potential compromise, potential credential compromise, potential intrusion, potential lateral movement, proto, protocol exploitation, rdp protocol, reconnaissance, redis honeypot, redishoneypot, remote access, remote service exploitation, remote services, researched, resource hijacking, scan, scanner, scanning activity, security operations, sentrypeer activity, sentrypeer botnet, sftp, sftp access attempt, sftp access attempts, sftp attack, sftp attempt, sftp probing, shell access, sip, sip brute force, sip scanning, smtp brute force, software development, ssh, ssh attack, ssh monitoring, ssh protocol, ssh scanning, t-pot, tanner, targeting database, tcp protocol, tcp scanning, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, tor node, tpot, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, united states, unknown threat actor, vnc, vnc protocol, voip, voip attack, voip system, vpn, vpn ip, vulnerability scan, web apis, web app attack, web application attack, web application attacks, web applications, web development, web exploit, web exploitation, web hosting, web infrastructure, web server, web services, web technologies, web traffic, web_attacks
MITRE ATT&CK technique IDs carried in the tags:
t1003, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1053, t1057, t1059, t1059.004, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1083, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1136, t1190, t1203, t1204, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1563, t1589, t1590, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003
Note that T1076 and T1077 are revoked ATT&CK IDs (merged into T1021.001 and T1021.002, which also appear above), so at least one source tags against an outdated matrix. Treat the tag set as a search aid, not as an attribution: it spans far more behaviour (VoIP, ICS, Cisco ASA, RDP, ransomware-style T1486) than the 13 reports can each substantiate.
Activity Timeline
Peak: 2026-06-02 (the Last Seen date)
Report counts by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: 22 / 100 (Low Risk)
Confidence: 22% · Reports: 13
First seen: Mar 13, 2024
Last seen: Jun 2, 2026
Geolocation: BG
Country: Bulgaria
Location: Karlovo, Plovdiv
ASN: AS50360
Org: Tamatiya EOOD
Coords: 42.6960, 23.3320 (these coordinates fall in central Sofia, about 120 km west of Karlovo, so they are inconsistent with the stated city; treat the geolocation as country-level at best)
Category: VPN
VirusTotal
Not checked
WHOIS
- description: Observed making inbound scans on 2026-05-22 08:50:50
- raw (RIPE objects, one attribute per line):
  inetnum:        78.128.114.0 - 78.128.114.255
  netname:        Tamatiya-EOOD
  descr:          Tamatiya EOOD
  country:        BG
  org:            ORG-IPTL2-RIPE
  admin-c:        PD8817-RIPE
  tech-c:         PD8817-RIPE
  status:         ASSIGNED PA
  mnt-by:         MNT-LIR-BG
  mnt-by:         TAMATYA-MNT
  mnt-routes:     TAMATYA-MNT
  mnt-domains:    TAMATYA-MNT
  created:        2019-03-26T10:29:00Z
  last-modified:  2019-10-02T17:39:20Z
  source:         RIPE

  organisation:   ORG-IPTL2-RIPE
  org-name:       Tamatiya EOOD
  country:        BG
  org-type:       OTHER
  address:        35, Ivan Vazov str., Sopot, Bulgaria
  abuse-c:        AR40280-RIPE
  mnt-ref:        TAMATYA-MNT
  mnt-ref:        MNT-LIR-BG
  mnt-by:         TAMATYA-MNT
  created:        2014-10-22T22:11:46Z
  last-modified:  2022-12-01T17:15:26Z
  source:         RIPE # Filtered

  person:         Petar Dimov
  address:        [email protected]
  address:        [email protected]
  phone:          +359988865442
  nic-hdl:        PD8817-RIPE
  mnt-by:         TAMATYA-MNT
  created:        2016-11-06T19:36:43Z
  last-modified:  2022-12-20T20:23:46Z
  source:         RIPE

  route:          78.128.114.0/24
  origin:         AS50360
  mnt-by:         TAMATYA-MNT
  created:        2018-03-28T16:58:01Z
  last-modified:  2018-03-28T16:58:01Z
  source:         RIPE
- references:
  - https://github.com/telekom-security/tpotce
  - MISP Event ID 3939
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
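A flattened WHOIS record like the one above is easy to misread. The following is an added example, not the feed's or this page's own code, that splits a single-line RIPE dump back into objects and cross-checks the indicator against it: whether the IP lies inside the inetnum range and the announced route, whether the route's origin matches the ASN shown on the page, and which abuse contact applies. The WHOIS text is copied from this page with the person object left out; the function names parse_flat_whois and check_indicator are chosen here.

```python
"""Parse a flattened RIPE WHOIS dump and check it against the indicator.

Added example for this page; not the feed's or the page's own code.
"""
import ipaddress
import re

# The page's "raw" WHOIS field, with the person object omitted (it carries
# a named contact and phone number that this check does not need).
RAW_WHOIS = (
    "inetnum: 78.128.114.0 - 78.128.114.255 netname: Tamatiya-EOOD "
    "descr: Tamatiya EOOD country: BG org: ORG-IPTL2-RIPE admin-c: PD8817-RIPE "
    "tech-c: PD8817-RIPE status: ASSIGNED PA mnt-by: MNT-LIR-BG mnt-by: TAMATYA-MNT "
    "mnt-routes: TAMATYA-MNT mnt-domains: TAMATYA-MNT created: 2019-03-26T10:29:00Z "
    "last-modified: 2019-10-02T17:39:20Z source: RIPE "
    "organisation: ORG-IPTL2-RIPE org-name: Tamatiya EOOD country: BG org-type: OTHER "
    "address: 35, Ivan Vazov str., Sopot, Bulgaria abuse-c: AR40280-RIPE "
    "mnt-ref: TAMATYA-MNT mnt-ref: MNT-LIR-BG mnt-by: TAMATYA-MNT "
    "created: 2014-10-22T22:11:46Z last-modified: 2022-12-01T17:15:26Z source: RIPE # Filtered "
    "route: 78.128.114.0/24 origin: AS50360 mnt-by: TAMATYA-MNT "
    "created: 2018-03-28T16:58:01Z last-modified: 2018-03-28T16:58:01Z source: RIPE"
)

# An RPSL attribute is a lowercase key followed by ": ", at the start of the
# text or after a space. Values here (addresses, timestamps) never take that shape.
ATTR_RE = re.compile(r"(?:^| )([a-z][a-z0-9-]*): ")
# Keys that open a new object in RIPE output.
OBJECT_KEYS = {"inetnum", "inet6num", "organisation", "person", "role",
               "route", "route6", "aut-num"}


def parse_flat_whois(text):
    """Split a one-line RIPE dump into objects; each object maps key -> [values]."""
    matches = list(ATTR_RE.finditer(text))
    objects = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        key, value = m.group(1), text[m.end():end].strip()
        if key in OBJECT_KEYS or not objects:
            objects.append({})
        objects[-1].setdefault(key, []).append(value)  # mnt-by, mnt-ref repeat
    return objects


def first(obj, key):
    """First value of an attribute, or None if the object lacks it."""
    return obj.get(key, [None])[0]


def check_indicator(objects, ip, expected_asn):
    """Cross-check an IP and the ASN the feed shows against the WHOIS objects."""
    addr = ipaddress.ip_address(ip)
    findings = {"in_inetnum": False, "in_route": False, "origin_matches": False}
    for obj in objects:
        if "inetnum" in obj:
            lo, hi = (ipaddress.ip_address(p.strip())
                      for p in first(obj, "inetnum").split("-"))
            findings["in_inetnum"] = lo <= addr <= hi
            findings["netname"] = first(obj, "netname")
            findings["org"] = first(obj, "org")
            findings["inetnum_last_modified"] = first(obj, "last-modified")
        elif "route" in obj:
            net = ipaddress.ip_network(first(obj, "route"), strict=False)
            findings["in_route"] = addr in net
            findings["origin"] = first(obj, "origin")
            findings["origin_matches"] = findings["origin"] == expected_asn
        elif "organisation" in obj:
            findings["org_name"] = first(obj, "org-name")
            findings["abuse_c"] = first(obj, "abuse-c")  # handle to report abuse to
    return findings


if __name__ == "__main__":
    result = check_indicator(parse_flat_whois(RAW_WHOIS), "78.128.114.42", "AS50360")
    for k, v in result.items():
        print(f"{k}: {v}")
```

The abuse-c handle is what you would resolve (with a second WHOIS query) to find the mailbox for an abuse report; the inetnum last-modified date (2019 here) tells you how stale the registration data may be relative to the feed's 2024 to 2026 sightings.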
IOC Journey
medium · First detected 2 years ago (Mar 13, 2024) · Last seen 13 days ago (Jun 2, 2026)
Appeared in 13 threat reports