IOC Radar

91.92.199.36
IP · Medium · Signal 71/100

Location: Sofia, Sofia-grad, Bulgaria
ASN: AS34224 (Elektron Invest Ltd.)
First seen: Mar 25, 2024 (807 days ago)
Last seen: Jun 6, 2026 (4 days ago)
Reports: 31 source reports
Confidence: 71% (medium)

Found in 31 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: IPv4 address (network-layer indicator observed in threat reports)
MISP category: Network Activity
Confidence: 71%
Signal score: 71 / 100
IDS rule: No
Threat Context

MITRE ATT&CK TTPs: 71 techniques (the technique IDs appear among the category tags below)

Network Information

Country: BG (Bulgaria)
Region: Sofia, Sofia-grad
ASN: AS34224
Organization: Elektron Invest Ltd.

IP Category

Proxy: proxy server
VPN: VPN exit node

Feed Intelligence Summary

31 source reports · 71% confidence score
Category tags:

abuse, access control, account access, account compromise, account discovery, account profiling, account takeover, account takeover attempt, active scan, active scanning, aggressive-detection, anomalous network connections, apache, apache attacker, application layer protocol, apt, asia, asn, attack, attack attempt, attack source, attacker-ip, attacking ip list, attempted access, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication attempts, authentication failure, authentication failures, authentication-attempts, authentication_bypass, authentication_failures, automated attack, automated attacks, automated brute force, automated multi-vector probing, automated_attack, bad reputation, bad web bot, bg, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-forc, brute-force, brute_force, brute_force_attack, bruteforce, bulgaria, c2, c2 communication, c2 server, china mobile, cisco device, cisco device attack, cisco exploitation attempt, cisco exploitation attempts, clifton, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, code-injection, columns, command & control, command and control, communication protocol, company limited, compromise attempt, compromised credentials, compromised host, compromised hosts, compromised systems, connection-reset, cowrie, cowrie data, cowrie honeypot, credential access, credential attack, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_access, credential_stuffing, cta, daily_sources, data encryption, data exfiltration, data exfiltration attempt, data store exposure, data theft, database attack, database security, ddos, ddos attack, ddos prevention, decoy system, denial of service, denial-of-service, denial-of-service attempt, device management, dictionary attack, digital ocean, digitalocean vps, dionaea, dionaea honeypot, dionaea payloads, distributed attacks, dos attempt, encryption, enterprise networking, enumeration, europe, executable file, exploit, exploit attempt, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, export-to-otx, external attack, external network probing, external reconnaissance, external threat, external_threat, fail2ban alert, fail2ban blocked, fail2ban blocked ip, fail2ban detected, fail2ban mitigation, fail2ban triggered, failed authentication, failed login, failed login attempts, fatt, fatt detections, file, finland, france, fraud orders, fraud voip, ftp, ftp brute force, ftp brute-force, game_server, gb-originating attack, geoip, germany, hacking, hk abusehandler, honeynet connect, honeypot 24h activity, honeytrap events, honeytrap honeypot, hong kong, http attack, http brute force, http request anomalies, http scanner, http scanning, http/https, https, hurricane us, identity & access exploitation, imap brute force, india, info, information technology, infrastructure acquisition reconnaissance, initial access, initial access attempt, initial-access, injection activity, injection attacks, internet background noise, intrusion detection, ioc, iot security, iot targeted, ip-address, ipv4, ipv4 ioc, ipv4 scanning, ipv4 threat, ipv4_address, it infrastructure, japan, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp server targeting, lamp stack, lateral movement, linux, linux systems, linux-server-attacks, login, login attack, login attacks, login attempt, login attempts, login brute force, login bruteforce, login failure, low-risk, mail, mailoney events, mailoney honeypot, malaysia, malicious activity, malicious file transfer, malicious ip activity, malicious login, malicious payload, malicious script execution, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malicious-activity, malware, malware behaviour, malware capture, malware delivery attempt, malware distribution, manual, misp, mod security, multiple failed logins, network, network attacks, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network layer protocol, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network traffic analysis, network-attack, network_reconnaissance, network_scanning, network_service_exploitation, north america, notice, oceania, open proxy, osint, p0f, p0f signatures, paris, password attack, password attacks, password cracking, password-guessing, password_guessing, pgp sign, phishing, phishing attack, phishing trapping of death, poland, pop3 brute force, port-scan, port-scanning, portscan, possible bot activity, possible botnet activity, possible brute force, possible malware distribution, possible reconnaissance, potential compromise, potential intrusion, process injection, protocol exploitation, protocol-probing, proxy, publicly accessible infrastructure, ransomware, rate limiting, reconnaissance, reconnaissance activity, red piranha, remote access, remote access attack, remote access attempt, remote service, remote services, remote_access, research, researched, resource hijacking, scams & fraud, scan, scanner, scanners, scanning activity, scripting attacks, security event, security operations, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer events, server attack, service enumeration, service scan, sftp access attempt, sftp access attempts, sftp attack, singapore, sip, sip brute force, sip scanning, sipvicious scan, smtp, smtp attack, smtp brute force, smtp scanning, social engineering, socradar honeypot, software development, spam, sql-injection, ssh, ssh attack, ssh brute-force, ssh bruteforce, ssh monitoring, ssh scanning, ssh-brute, staging_server, suricata alerts, sweden, syn, system access, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.004, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1550.002, t1552.001, t1555, t1563, t1565, t1566.001, t1566.002, t1566.003, t1567, t1573, t1573.001, t1587.001, t1588, t1588.002, t1588.004, t1589, t1589.002, t1590, t1590.001, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner events, targeting database, tcp protocol, tcp scan, tcp scanning, telecommunications, telnet, telnet threat, threat activity, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat_intelligence, timeout, top10.txt, topips.txt, tor node, tpot, udp port scan, udp scan, unattributed activity, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized login attempts, unauthorized-access-attempt, united kingdom, united states, unknown threat actor, us abuse, us none, utc+1:00, valid accounts, voidtrap, voip, voip attack, vpn, vpn ip, vps, vps security, vulnerability scan, vulnerability-scan, vultr, web app attack, web application attack, web attack, web brute force, web exploit, web exploitation, web login, web spam, web traffic, web-attack
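
The technique count reported above can be checked directly against the tag list. The following Python script is an added example, not part of IOC Radar or of any feed it aggregates: it pulls the ATT&CK IDs out of a constructed copy of the run-together tag text, de-duplicates them (71, matching the count shown), groups sub-techniques under their parent technique, and flags the IDs in this list that MITRE has since revoked (T1065, T1076 and T1077, replaced by T1571, T1021.001 and T1021.002). The REVOKED map is a hand-maintained assumption that covers only those three entries, not the full ATT&CK revision history; check the current ATT&CK release before acting on it.

```python
import re
from collections import defaultdict

# Constructed excerpt of the page's category-tag list, kept in the
# run-together form in which it was extracted, so the extractor is
# exercised on realistic input rather than a clean list.
TAG_TEXT = (
    "suricata alertsswedensynsystem access"
    "t1016t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1048"
    "t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068"
    "t1071t1071.001t1076t1077t1078t1078.001t1078.004t1083t1105t1110"
    "t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002"
    "t1486t1496t1499.001t1499.002t1499.003t1550t1550.002t1552.001t1555"
    "t1563t1565t1566.001t1566.002t1566.003t1567t1573t1573.001t1587.001"
    "t1588t1588.002t1588.004t1589t1589.002t1590t1590.001t1590.005t1592"
    "t1595t1595.001t1595.002t1595.003"
    "tannertanner eventstargeting databasetcp protocoltop10.txtutc+1:00"
)

# Hand-maintained map (assumption: only the revoked IDs present in this
# list) from a revoked ATT&CK technique ID to the ID that replaced it.
REVOKED = {"T1065": "T1571", "T1076": "T1021.001", "T1077": "T1021.002"}

# Technique IDs are T + four digits, optionally .NNN for a sub-technique.
TECHNIQUE_RE = re.compile(r"t(\d{4}(?:\.\d{3})?)", re.IGNORECASE)


def extract_technique_ids(text):
    """Return the sorted, de-duplicated, upper-cased ATT&CK IDs in text."""
    return sorted({"T" + m for m in TECHNIQUE_RE.findall(text)})


def group_by_parent(ids):
    """Group technique IDs under their parent (T1110.001 -> T1110)."""
    groups = defaultdict(list)
    for tid in ids:
        groups[tid.split(".")[0]].append(tid)
    return dict(groups)


def summarize(text):
    """Count distinct IDs and parents and list the revoked ones with replacements."""
    ids = extract_technique_ids(text)
    return {
        "count": len(ids),
        "parents": len(group_by_parent(ids)),
        "revoked": {tid: REVOKED[tid] for tid in ids if tid in REVOKED},
        "ids": ids,
    }


if __name__ == "__main__":
    s = summarize(TAG_TEXT)
    print(s["count"], "techniques across", s["parents"], "parents")
    for old, new in s["revoked"].items():
        print(f"{old} is revoked; use {new}")
```

A consumer mapping these tags into a detection-coverage matrix should apply the replacement IDs before counting, otherwise the three revoked entries inflate the total and map to nothing in a current ATT&CK navigator layer.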

Activity Timeline

1 total observation: Jun 6

Threat Activity Heatmap

Daily observation grid from Jun to the following Jun; peak: 2026-06-06.

Last 24h: 0 observations (dormant)
Last 7d: 1 (minimal)
Last 30d: 1 (minimal)
Last 3mo: 1 (minimal)
Threat score: High Risk (71)
Signal score: 71
Confidence: 71%
Reports: 31
First seen: Mar 25, 2024
Last seen: Jun 6, 2026
Geolocation: BG, Bulgaria, Sofia, Sofia-grad
ASN: AS34224 (Elektron Invest Ltd.)
Coordinates: 42.6556, 23.3727
Categories: Proxy, VPN

Note that the page header rates the same 71/100 signal as "Medium"; the risk label differs between widgets, so treat it as a heuristic rather than a verdict.

VirusTotal: not checked

WHOIS

Description (a free-text note from a reporting source as shown on the page; the raw RIPE record below carries no such attribute): every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues

Raw record:

inetnum:        91.92.199.32 - 91.92.199.39
netname:        NETERRA-ELEKTRONINVEST-NET
descr:          Elektron Invest Ltd.
country:        BG
admin-c:        IP3487-RIPE
tech-c:         IP3487-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-NETERRA
created:        2017-05-12T09:04:03Z
last-modified:  2017-05-12T09:04:03Z
source:         RIPE

person:         Ivan Petrov
address:        Bulgaria, Sofia, 162 Knyaz Boris street
phone:          +359899160250
nic-hdl:        IP3487-RIPE
mnt-by:         MNT-NETERRA
created:        2017-05-12T09:02:32Z
last-modified:  2017-05-12T09:02:32Z
source:         RIPE

route:          91.92.198.0/23
descr:          Neterra Ltd.
origin:         AS34224
mnt-by:         MNT-NETERRA
created:        2016-03-10T14:58:04Z
last-modified:  2016-03-10T14:58:04Z
source:         RIPE

Export & API

STIX 2.1 bundle · CSV export · Permalink
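
For consumers who want a STIX 2.1 bundle without depending on the site's exporter, the following added example (not IOC Radar's code; its real bundle may carry different objects and properties) builds an equivalent bundle from the fields shown on this page: an Indicator whose pattern matches the address, valid_from set to the first-seen date, the 71% confidence mapped onto STIX's 0 to 100 confidence scale, and the address itself as an ipv4-addr SCO whose id is the deterministic uuid5 the specification prescribes. The label set and the name text are assumptions; the page gives dates at day granularity, so midnight UTC is assumed for the timestamps.

```python
import json
import uuid
from datetime import datetime, timezone

# Namespace fixed by the STIX 2.1 specification for deterministic SCO ids.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def stix_timestamp(dt):
    """STIX timestamps are UTC, RFC 3339, with millisecond precision.
    Assumes a timezone-aware datetime."""
    u = dt.astimezone(timezone.utc)
    return u.strftime("%Y-%m-%dT%H:%M:%S") + f".{u.microsecond // 1000:03d}Z"


def ipv4_addr_sco(value):
    """ipv4-addr SCO whose id is uuid5 over the JSON of its id-contributing
    property ("value"), so two producers derive the same id for one address."""
    contributing = json.dumps({"value": value}, separators=(",", ":"), sort_keys=True)
    return {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": f"ipv4-addr--{uuid.uuid5(STIX_SCO_NAMESPACE, contributing)}",
        "value": value,
    }


def ip_indicator_bundle(ip, first_seen, last_seen, confidence, labels, report_count, now=None):
    """Wrap one reported IPv4 address as a STIX 2.1 Indicator plus its SCO."""
    now = now or datetime.now(timezone.utc)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",  # SDOs use random UUIDv4 ids
        "created": stix_timestamp(now),
        "modified": stix_timestamp(now),
        "name": f"Reported IPv4 address {ip}",
        "description": (f"Observed in {report_count} threat reports; first seen "
                        f"{first_seen.date()}, last seen {last_seen.date()}."),
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": stix_timestamp(first_seen),
        "confidence": max(0, min(100, int(confidence))),  # STIX confidence is 0..100
        "labels": sorted(set(labels)),
    }
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [indicator, ipv4_addr_sco(ip)],
    }


def page_bundle():
    """Bundle built from the values shown on this page (assumed label set)."""
    return ip_indicator_bundle(
        "91.92.199.36",
        first_seen=datetime(2024, 3, 25, tzinfo=timezone.utc),
        last_seen=datetime(2026, 6, 6, tzinfo=timezone.utc),
        confidence=71,
        labels=["proxy", "vpn", "brute force", "scanning activity"],
        report_count=31,
    )


def to_json(bundle):
    """Serialise for transport or for loading into a TIP."""
    return json.dumps(bundle, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_json(page_bundle()))
```

The last-seen date is deliberately not written into valid_until: that property means the indicator stops being valid, whereas last-seen only says when the address was most recently reported. Receivers that decay indicators by age should compute that from the description or their own sightings rather than from valid_until.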

IOC Journey

Confidence: medium. First detected 2 years ago, last seen 4 days ago; appeared in 31 threat reports.