Threat LevelCRITICAL80/1001 rule type
3 incidents on record · active attack detected · last seen 1d ago · bulletproof hosting
| PTR | pause-mail-wi0.metashort.net |
| Org / ASN | Tamatiya EOOD |
| Country | 🇧🇬 Bulgaria |
| City | Sopot, Plovdiv |
| Timezone | Europe/Sofia |
Abuse-Tolerant HostingTamatiya EOOD / 4vendeta.com (AS50360 + AS209160)
Tamatiya EOOD (registered Sopot, Bulgaria; reportedly Russian-operated) runs AS50360 under the 4vendeta.com and VenomDC brands across 26 confirmed CIDR blocks (~6,000 IPs). A satellite ASN, AS209160 (Miti 2000 EOOD / Rack-web, nominally Seychelles-registered), is maintained by Tamatiya's own TAMATYA-MNT maintainer object — treat both as one operator. Neighboring IPs accumulate tens of thousands of AbuseIPDB reports: one IP carries 36,949 reports at 100% confidence. The consistent PTR scheme (ip-[octet3]-[octet4].4vendeta.com) confirms static VPS allocations used for port scanning, SMTP dictionary attacks with subnet-hopping on block, service probing, and honeypot-tripping reconnaissance.
Attack Analysis
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (3)
| Date | Severity | Description |
|---|---|---|
| 18 Jun 2026 - 07:47 | high | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 18 Jun 2026 - 07:19 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 18 Jun 2026 - 07:19 | high | IDS: Suricata alert |
EagleEye Intelligence