IOC Radar
IPMediumSignal 76/100

87.121.96.160

Location
BulgariaBulgaria
Slivo Pole, Ruse
ASN
AS215342
Teranet EOOD
First Seen
Mar 23, 2025
Last Seen
Feb 2, 2026
Mar 23
First Seen
460d ago
Feb 2
Last Seen
145d ago
10
Reports
source reports
76%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

25 techniques

Network Information

CountryBGBulgaria
RegionSlivo Pole, Ruse
ASNAS215342
OrganizationTeranet EOOD

Feed Intelligence Summary

10 reports76% confidence
10
Source reports
76%
Confidence score
Category tags
abuseaccess controlactive scanningbotnetbrute forcebrute force attackbrute force attemptbulgariacommand and controlcommunication protocolcredential accesscredential stuffingdata exfiltrationddos attacksdecoy systemdistributed attackseuropeindicatorinternet of thingsintrusion detectioniociot botnetiot/ics attackmalicious network activitymalicious softwaremalwaremirai botnetnetworknetwork attacksnetwork intrusionnetwork probingnetwork scanningnetwork securitynetwork service scanningpassword attacksprocess injectionprotocol exploitationreconnaissanceresearchedscanscannersecurity policyt1021.002t1040t1046t1055t1056.001t1059.001t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1565t1595t1595.001t1595.002t1595.003tcp protocoltelecommunicationstelnet threatthreat intelligencethreat prevention

Activity Timeline

1 total obs
Feb 2Feb 2

Threat Activity Heatmap

· Peak: 2026-02-02
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
76
SIGNAL
Signal Score
76%
Confidence
10
Reports
First seenMar 23, 2025
Last seenFeb 2, 2026
GeolocationBG
CountryBulgaria
LocationSlivo Pole, Ruse
ASNAS215342
OrgTeranet EOOD
Coords42.6960, 23.3320

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 87.121.96.0 - 87.121.97.255 netname: BG-TERANET-20050712 country: BG org: ORG-TE86-RIPE admin-c: TA8048-RIPE tech-c: TA8048-RIPE status: ALLOCATED PA mnt-by: lir-bg-teranet-1-MNT mnt-by: RIPE-NCC-HM-MNT created: 2021-07-20T08:46:07Z last-modified: 2021-07-20T08:46:07Z source: RIPE organisation: ORG-TE86-RIPE org-name: Teranet OOD country: BG org-type: LIR address: 3 Voden str. address: 7060 address: Slivo Pole address: BULGARIA phone: +359889659505 admin-c: TA8048-RIPE tech-c: TA8048-RIPE abuse-c: AR63346-RIPE mnt-ref: lir-bg-teranet-1-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: lir-bg-teranet-1-MNT created: 2021-06-15T11:51:27Z last-modified: 2025-06-30T11:28:57Z source: RIPE # Filtered role: teranet-isp address: BULGARIA address: Slivo Pole address: 7060 address: 3 Voden str. phone: +359889659505 nic-hdl: TA8048-RIPE mnt-by: lir-bg-teranet-1-MNT created: 2021-06-15T11:51:26Z last-modified: 2021-06-15T11:51:27Z source: RIPE # Filtered route: 87.121.96.0/23 origin: AS215342 mnt-by: lir-bg-teranet-1-MNT created: 2024-03-12T12:24:09Z last-modified: 2024-03-12T12:24:09Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 10 threat reports