IOC Radar
IP · Medium · Signal 72/100

79.124.49.174

Location: Sopot, Plovdiv, Bulgaria
ASN: AS50360 (Tamatiya EOOD)
First Seen: May 31, 2023 (1118d ago)
Last Seen: Jun 16, 2026 (7d ago)
Reports: 26 source reports
Confidence: 72% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 48 techniques

Network Information

Country: BG (Bulgaria)
Region: Sopot, Plovdiv
ASN: AS50360
Organization: Tamatiya EOOD

IP Category

Proxy: Proxy server

Feed Intelligence Summary

Source reports: 26
Confidence score: 72%

Activity Timeline

1 total obs · Jun 16 to Jun 16

Threat Activity Heatmap

Peak: 2026-06-16
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 26
First seen: May 31, 2023
Last seen: Jun 16, 2026
Geolocation: BG
Country: Bulgaria
Location: Sopot, Plovdiv
ASN: AS50360
Org: Tamatiya EOOD
Coords: 42.6539, 24.7548
IP Category: Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

raw:

inetnum: 79.124.49.0 - 79.124.49.255
netname: Tamatiya-EOOD
org: ORG-IPTL2-RIPE
descr: Tamatiya EOOD
country: BG
admin-c: PD8817-RIPE
tech-c: PD8817-RIPE
mnt-routes: TAMATYA-MNT
mnt-domains: TAMATYA-MNT
status: ASSIGNED PA
mnt-by: AZ39139-MNT
mnt-by: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2017-03-29T21:12:42Z
last-modified: 2017-11-01T14:31:24Z
source: RIPE

organisation: ORG-IPTL2-RIPE
org-name: Tamatiya EOOD
country: BG
org-type: OTHER
address: 35, Ivan Vazov str., Sopot, Bulgaria
abuse-c: AR40280-RIPE
mnt-ref: TAMATYA-MNT
mnt-ref: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2014-10-22T22:11:46Z
last-modified: 2022-12-01T17:15:26Z
source: RIPE # Filtered

person: Petar Dimov
address: [email protected]
address: [email protected]
phone: +359988865442
nic-hdl: PD8817-RIPE
mnt-by: TAMATYA-MNT
created: 2016-11-06T19:36:43Z
last-modified: 2022-12-20T20:23:46Z
source: RIPE

route: 79.124.49.0/24
origin: AS50360
mnt-by: TAMATYA-MNT
created: 2017-03-30T06:33:20Z
last-modified: 2017-03-30T06:33:20Z
source: RIPE

references:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://list.rtbh.com.tr/output.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 3 years ago · Last seen 7 days ago
Appeared in 26 threat reports