IP · Medium · Signal 100/100
95.214.27.18
Location
Kozloduy, Vratsa
ASN
AS20911
Surf.net Ltd
First Seen
Apr 13, 2023
Last Seen
Aug 5, 2025
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Bulgaria
Region: Kozloduy, Vratsa
ASN: AS20911
Organization: Surf.net Ltd
IP Category
Proxy
Proxy server
Feed Intelligence Summary
11 source reports · 99% confidence score
Category tags
360 f.c.u., abuse, access attempts, access control, active scanning, authentication attacks, banco santander colombia, banking, barclays bank plc, blacklist candidate, botnet, brute force, brute force attack, brute force attempts, bulgaria, citizens trust company, command and control, commercial sex, commercial spam, communication protocol, config, credential access, credential harvesting, credential stuffing, credit card services, cta, data exfiltration, database security, ddos attacks, decoy system, delhi, denial of service, diners club international, distributed attacks, energy, europe, finance, financial services, financial technology, first security bank, ftp, ftp brute force, great western bank, gurgaon, http brute force, http scanner, http scanning, icici bank canada, illegal services, india, indicator, information gathering, initial access, internet of things, intrusion detection, iot botnet, iot/ics attack, jpmorgan chase bank, logberg trust corp., malicious software, malware, media & entertainment, mirai botnet, mysql brute force, netherlands, network, network attacks, network discovery, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, noida, north america, password attack, password attacks, payment processing, phishing attack, php, process injection, protocol exploitation, proxy, reconnaissance, remote access, remote services, researched, scan, scanner, scanning activity, security policy, server, server exploitation, service probing, slug, smtp brute force, social engineering, societe generale, spam, spam advertisement, spam advertisement campaign, sql injection, ssh attack, surface web, syn port scan, t1016, t1018, t1021, t1021.001, t1040, t1046, t1055, t1056, t1059, t1059.003, t1071, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1589, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, tcp protocol, telnet threat, threat intelligence, threat prevention, udp port scan, unauthorized access, united states, united states of america, united workers f.c.u., unsolicited communication, unsolicited contact, unsolicited content, vnc protocol, wealth management, web application attack, web exploitation, web scanner, web traffic, westpac banking corporation
Activity Timeline (chart): Aug 5
Threat Activity Heatmap (chart) · Peak: 2025-08-05
Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 11
First seen: Apr 13, 2023
Last seen: Aug 5, 2025
Geolocation: BG
Country: Bulgaria
Location: Kozloduy, Vratsa
ASN: AS20911
Org: Surf.net Ltd
Coords: 43.7833, 23.7291
Proxy
VirusTotal: Not checked
WHOIS
- description
- 32 unauthorized connection attempts to port 80
  - HTTP GET to /app[.]js from 95[.]214[.]27[.]18:44628 - 2023-03-28T02:55:16
  - HTTP GET to /config/app[.]js from 95[.]214[.]27[.]18:44632 - 2023-03-28T02:55:17
  - HTTP GET to /config[.]js from 95[.]214[.]27[.]18:44634 - 2023-03-28T02:55:17
  - HTTP GET to /config/config[.]js from 95[.]214[.]27[.]18:44642 - 2023-03-28T02:55:18
  - HTTP GET to /index[.]js from 95[.]214[.]27[.]18:44644 - 2023-03-28T02:55:19
  - HTTP GET to /config/index[.]js from 95[.]214[.]27[.]18:44646 - 2023-03-28T02:55:20
  - HTTP GET to /server[.]js from 95[.]214[.]27[.]18:44654 - 2023-03-28T02:55:20
  - HTTP GET to /config/server[.]js from 95[.]214[.]27[.]18:44666 - 2023-03-28T02:55:22
IOC Journey
Medium · First detected 3 years ago · Last seen 10 months ago
Appeared in 11 threat reports