IP · Medium · Signal 66/100
79.124.62.122
Location
Victoria, La Rivière Anglaise
ASN
AS207812
Internet Solutions & Innovations LTD
First Seen
Nov 21, 2020
Last Seen
Jun 18, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Seychelles
Region
Victoria, La Rivière Anglaise
ASN
AS207812
Organization
Internet Solutions & Innovations LTD
Feed Intelligence Summary
23 reports · 66% confidence
23
Source reports
66%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap
Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 23
First seen: Nov 21, 2020
Last seen: Jun 18, 2026
Geolocation: SC
Country: Seychelles
Location: Victoria, La Rivière Anglaise
ASN: AS207812
Org: Internet Solutions & Innovations LTD
Coords: 42.6960, 23.3320
VirusTotal
Not checked
WHOIS
- description
- Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).
  2. Technical Details
  Target Domain: mmms.eu / network.block.mmms.eu
  Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
  Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.
  The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.
  Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
- raw
- inetnum: 79.124.62.0 - 79.124.62.255
  netname: CLOUDVPS-NET
  descr: CLOUDVPS-NET
  country: EU
  admin-c: NOC299-RIPE
  org: ORG-ISI14-RIPE
  tech-c: NOC299-RIPE
  abuse-c: NOC299-RIPE
  mnt-routes: TAMATYA-MNT
  mnt-domains: TAMATYA-MNT
  mnt-domains: ISI1
  mnt-domains: ISI1
  status: ASSIGNED PA
  mnt-by: AZ39139-MNT
  mnt-by: MNT-LIR-BG
  mnt-by: TAMATYA-MNT
  mnt-by: ISI1
  created: 2019-11-08T10:06:48Z
  last-modified: 2022-01-06T09:38:49Z
  source: RIPE

  organisation: ORG-ISI14-RIPE
  org-name: Internet Solutions & Innovations LTD.
  country: SC
  org-type: OTHER
  address: National Cultural Centre 865 P.O. Box 1494, Victoria Mahe, Seychelles
  abuse-c: NOC299-RIPE
  mnt-ref: ISI1
  mnt-ref: IPI
  mnt-ref: PITLINE-MNT
  mnt-by: ISI1
  created: 2019-11-02T10:45:37Z
  last-modified: 2022-12-01T17:15:36Z
  source: RIPE # Filtered

  role: Network Operations Centre
  remarks: ****** FOR ABUSE ISSUES PLEASE CONTACT: [email protected] ******
  address: National Cultural Centre 865 P.O. Box 1494, Victoria Mahe, Seychelles
  abuse-mailbox: [email protected]
  nic-hdl: NOC299-RIPE
  mnt-by: ISI1
  created: 2019-11-02T10:37:19Z
  last-modified: 2021-01-26T08:48:43Z
  source: RIPE # Filtered

  route: 79.124.62.0/24
  origin: AS207812
  mnt-by: Tamatiya
  mnt-by: TAMATYA-MNT
  created: 2019-11-20T19:53:42Z
  last-modified: 2019-11-20T19:53:42Z
  source: RIPE

  route: 79.124.62.0/24
  origin: AS50360
  mnt-by: Tamatiya
  mnt-by: TAMATYA-MNT
  created: 2019-11-04T19:13:06Z
  last-modified: 2019-11-04T19:13:06Z
  source: RIPE
- references
- https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
medium · First detected 5 years ago · Last seen 9 days ago
Appeared in 23 threat reports