IP · Medium · Signal 59/100
91.148.190.150
Location
Sopot, Plovdiv
ASN
AS50360
Tamatiya EOOD
First Seen
May 25, 2023
Last Seen
Jun 19, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Bulgaria
Region: Sopot, Plovdiv
ASN: AS50360
Organization: Tamatiya EOOD
IP Category
Proxy
Proxy server
Feed Intelligence Summary
25 reports · 59% confidence
25
Source reports
59%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 25
First seen: May 25, 2023
Last seen: Jun 19, 2026
Geolocation: BG
Country: Bulgaria
Location: Sopot, Plovdiv
ASN: AS50360
Org: Tamatiya EOOD
Coords: 42.6960, 23.3320
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw
- inetnum: 91.148.190.0 - 91.148.191.255
  netname: Tamatiya-EOOD
  country: BG
  org: ORG-IPTL2-RIPE
  admin-c: PD8817-RIPE
  tech-c: PD8817-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-LIR-BG
  mnt-by: TAMATYA-MNT
  created: 2022-10-12T08:20:33Z
  last-modified: 2022-10-12T08:20:33Z
  source: RIPE

  organisation: ORG-IPTL2-RIPE
  org-name: Tamatiya EOOD
  country: BG
  org-type: OTHER
  address: 35, Ivan Vazov str., Sopot, Bulgaria
  abuse-c: AR40280-RIPE
  mnt-ref: TAMATYA-MNT
  mnt-ref: MNT-LIR-BG
  mnt-by: TAMATYA-MNT
  created: 2014-10-22T22:11:46Z
  last-modified: 2022-12-01T17:15:26Z
  source: RIPE # Filtered

  person: Petar Dimov
  address: [email protected]
  address: [email protected]
  phone: +359988865442
  nic-hdl: PD8817-RIPE
  mnt-by: TAMATYA-MNT
  created: 2016-11-06T19:36:43Z
  last-modified: 2022-12-20T20:23:46Z
  source: RIPE

  route: 91.148.190.0/24
  origin: AS50360
  mnt-by: Tamatiya
  mnt-by: TAMATYA-MNT
  created: 2022-10-14T11:16:26Z
  last-modified: 2022-10-14T11:16:26Z
  source: RIPE
- references
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://example.com
- https://list.rtbh.com.tr/output.txt
- https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
Medium · First detected 3 years ago · Last seen 4 days ago
Appeared in 25 threat reports