IOC Radar
IP · Medium · Signal 75/100

79.124.40.126

Location
Bulgaria
Sopot, Plovdiv
ASN
AS50360
Tamatiya EOOD
First Seen
May 21, 2024
Last Seen
Jun 14, 2026
First Seen: May 21 (766d ago)
Last Seen: Jun 14 (13d ago)
Reports: 15 source reports
Confidence: 75% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

Country: BG (Bulgaria)
Region: Sopot, Plovdiv
ASN: AS50360
Organization: Tamatiya EOOD

Feed Intelligence Summary

Source reports: 15
Confidence score: 75%
Category tags
abuse, active scan, active scanning, apt, attack, attacker ip, australia, bad reputation, bad web bot, bg, blacklisted ip, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, bruteforce, bulgaria, command and control, command execution, communication protocol, configuration modification, cowrie, cowrie honeypot, credential access, credential stuffing, cron injection, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, decoy system, denial of service, digital ocean, dionaea, dionaea honeypot, distributed attacks, europe, exploit, exploitation, exploitation activity, exploited host, fatt, fingerprinting, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, ids, inbound scan, indicator, injection activity, intrusion detection, ioc, lateral movement, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, module loading, msp-cti, network, network activity, network attacks, network intrusion, network intrusion attempts, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, oceania, p0f, password attacks, phishing, phishing attack, phishing trap, ping of death, portscan, process injection, protocol exploitation, rce, reconnaissance, remote access, remote services, replication attack, research, researched, resource hijacking, scan, scanner, scanners, scanning activity, scripting attacks, sensor-tagged, sentrypeer botnet, server exploitation, service scan, sip scanning, smtp, smtp brute force, sql injection, ssh, ssh attack, ssh key injection, ssh monitoring, ssh scanning, ssh-brute, t1005, t1016, t1021, t1021.001, t1040, t1046, t1055, t1059, t1059.005, t1059.007, t1071, t1071.001, t1076, t1078, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1202, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1555, t1563, t1565, t1583, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, tor node, tpot, udp scan, unauthorized access, voip, voip attack, vulnerability scan, vultr, web app attack, web attack, web exploitation, web traffic

Activity Timeline

1 total observation (Jun 14)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun. Peak: 2026-06-14]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 15
First seen: May 21, 2024
Last seen: Jun 14, 2026
Geolocation: BG
Country: Bulgaria
Location: Sopot, Plovdiv
ASN: AS50360
Org: Tamatiya EOOD
Coords: 42.6539, 24.7548

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Paris (France) honeypot
raw
inetnum: 79.124.40.0 - 79.124.40.255
netname: Tamatiya-EOOD
org: ORG-IPTL2-RIPE
descr: Tamatiya EOOD
country: BG
admin-c: PD8817-RIPE
tech-c: PD8817-RIPE
status: ASSIGNED PA
mnt-by: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2023-06-06T09:12:27Z
last-modified: 2023-06-06T09:12:27Z
source: RIPE

organisation: ORG-IPTL2-RIPE
org-name: Tamatiya EOOD
country: BG
reg-nr: 160027049
org-type: OTHER
address: 35, Ivan Vazov str., Sopot, Bulgaria
abuse-c: AR40280-RIPE
mnt-ref: TAMATYA-MNT
mnt-ref: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2014-10-22T22:11:46Z
last-modified: 2026-05-13T06:42:08Z
source: RIPE # Filtered

person: Petar Dimov
address: [email protected]
address: [email protected]
phone: +359988865442
nic-hdl: PD8817-RIPE
mnt-by: TAMATYA-MNT
created: 2016-11-06T19:36:43Z
last-modified: 2022-12-20T20:23:46Z
source: RIPE

route: 79.124.40.0/24
origin: AS50360
mnt-by: Tamatiya
mnt-by: TAMATYA-MNT
created: 2023-06-02T09:35:31Z
last-modified: 2023-06-02T09:35:31Z
source: RIPE

IOC Journey

medium
First detected 2 years ago · Last seen 13 days ago
Appeared in 15 threat reports