IOC Radar
IP · Medium · Signal 35/100

87.254.165.100

Location: Bulgaria, Veliko Tarnovo, Sofia (stolitsa)
ASN: AS8866, Telnet Limited
First Seen: Jan 16, 2025 (514d ago)
Last Seen: Mar 27, 2026 (79d ago)
Reports: 15 source reports
Confidence: 35% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 35%
Signal Score: 35 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

26 techniques

Network Information

Country: BG, Bulgaria
Region: Veliko Tarnovo, Sofia (stolitsa)
ASN: AS8866
Organization: Telnet Limited

Feed Intelligence Summary

15 source reports · 35% confidence score
Category tags: abuse, account brute force, account discovery, account profiling, account takeover, active scanning, atif feed, authentication attack, azure ad, banlist feed, belgium, bg, binary defense, botnet, brute force, brute force attempt, bulgaria, civil services, command and control, compromised credentials, credential access, credential harvesting, cta, data exfiltration, distributed attacks, europe, external ip, failed authentication, failed login, government technology, imap, imap attack, indicator, information technology, infrastructure acquisitionreconnaissance, intrusion detection, it infrastructure, known malicious actor, local government, local government target, login attack, login attempt, malicious software, malware, manual, network, network security, phishing attack, process injection, public administration, public infrastructure, public policy, reconnaissance, regulatory agencies, researched, scanner, security operations, smtp, smtp attacker, social engineering, software development, t1040, t1055, t1071.001, t1078, t1110, t1110.001, t1110.003, t1133, t1189, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1567, t1587.001, t1590.001, t1592.004, t1595.001, t1595.002, t1595.003, threat intelligence, unauthorized access, united kingdom

Activity Timeline

1 total obs, Mar 27 to Mar 27

Threat Activity Heatmap

Peak: 2026-03-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 35
Confidence: 35%
Reports: 15
First seen: Jan 16, 2025
Last seen: Mar 27, 2026
Geolocation: BG
Country: Bulgaria
Location: Veliko Tarnovo, Sofia (stolitsa)
ASN: AS8866
Org: Telnet Limited
Coords: 43.0848, 25.6606

VirusTotal

Not checked

WHOIS

raw
inetnum: 87.254.164.0 - 87.254.167.255
netname: VIVACOM-TELNET-VT-GO
country: BG
admin-c: BTC3-RIPE
tech-c: BTC3-RIPE
status: ASSIGNED PA
mnt-by: BT95-ADM
created: 2024-02-16T09:23:27Z
last-modified: 2024-02-16T09:23:27Z
source: RIPE

role: BTC IP ADDRESS SPACE administration
address: Bulgarian Telecommunications Company Plc.
address: 115I, Tsarigradsko shose Blvd.
address: 1784, Sofia
address: Bulgaria
remarks: www.vivacom.bg
nic-hdl: BTC3-RIPE
remarks: hostmaster role account
mnt-by: BT95-ADM
created: 2001-11-30T11:48:48Z
last-modified: 2024-08-30T13:28:41Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

route: 87.254.165.0/24
origin: AS34754
mnt-by: BT95-ADM
created: 2024-02-16T09:29:35Z
last-modified: 2024-02-16T09:29:35Z
source: RIPE

route: 87.254.165.0/24
origin: AS8866
mnt-by: BT95-ADM
created: 2024-02-16T09:30:02Z
last-modified: 2024-02-16T09:30:02Z
source: RIPE
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Sign in from malicious ip blocked-2025-02-17 17_19_32.861.csv
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 15 threat reports