IOC Radar
IP · Medium · Signal 54/100

79.124.62.130

Location
Seychelles
Victoria, La Rivière Anglaise
ASN
AS207812
Internet Solutions & Innovations LTD
First Seen
Nov 22, 2021
Last Seen
May 26, 2026
First Seen: Nov 22 (1675d ago)
Last Seen: May 26 (28d ago)
Reports: 19 source reports
Confidence: 54% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: SC (Seychelles)
Region: Victoria, La Rivière Anglaise
ASN: AS207812
Organization: Internet Solutions & Innovations LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 19
Confidence score: 54%
Category tags
abuse, ack, ack scan, active scan, active scanning, admin, application layer protocol, arctic wolf, asia, authentication, bad reputation, bg, botnet, botnet activity, brute force, brute force attack, bulgaria, china, cisco, cisco secureclient, command and control, communication protocol, credential access, credential stuffing, cyber security, data exfiltration, data store exposure, ddos, ddos attack, decoy system, defense, denial of service, desktop, distributed attacks, enumeration attempt, europe, europe/asia, exploitation activity, exploited host, external scan, fin, fin port scan, fin scan, firewall detection, ftp, ftp brute force, germany, group, hacking, hong kong, hostscan, http brute force, http scanner, https, identity & access exploitation, indicator, indonesia, injection activity, ioc, kfsensor honeypot, lateral movement, local, look, malicious ip, malicious software, malware, malware capture, malware propagation attempt, manual, massive port scan, massive scanning, mexico, mirai, netherlands, network, network attacks, network discovery, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, nextray, north america, null port scan, null scan, open port detection, operating system detection, os credential dumping, palo alto, panama, password attack, password attacks, phishing, picture, possible botnet activity, potential vulnerability scanning, probable vulnerability assessment, process injection, protocol exploitation, public coverage, ravpn, rdp, reconnaissance, reconnaissance activity, remote access, remote services, researched, rtbh, russia, scan, scanner, service, service discovery, service enumeration, service scan, service version detection, sip, smb, smb brute force, smtp, south korea, ssh, ssh attack, stealth, suspected malicious activity, sweep scan, syn, syn port scan, syn scan, system discovery, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1040, t1046, t1053, t1055, t1059, t1059.004, t1059.005, t1059.006, t1059.007, t1071.001, t1076, t1078, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1588, t1588.002, t1589, t1589.001, t1589.002, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp, tcp protocol, tcp scanning, telnet threat, threat actor, threat defense, threat intelligence, tsec, udp port scan, ukraine, unauthorized access, unauthorized access attempt, unauthorized access attempts, united, united kingdom, valid accounts, vietnam, vpn, vpn connection, vpns, vulnerability scan, web traffic, win, windows, xmas, xmas port scan, xmas scan

Activity Timeline

1 total observation, May 26

Threat Activity Heatmap

Peak: 2026-05-26
[Heatmap figure: daily activity by weekday (Mon, Wed, Fri), months Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 19
First seen: Nov 22, 2021
Last seen: May 26, 2026
Geolocation: SC
Country: Seychelles
Location: Victoria, La Rivière Anglaise
ASN: AS207812
Org: Internet Solutions & Innovations LTD
Coords: 42.6960, 23.3320
VPN

VirusTotal

Not checked

WHOIS

description
Port Scan 2024-02-02T22:59:33.340Z -> 79.124.62.130 scanned port 16727 on one of our servers
raw
inetnum: 79.124.62.0 - 79.124.62.255
netname: CLOUDVPS-NET
descr: CLOUDVPS-NET
country: EU
admin-c: NOC299-RIPE
org: ORG-ISI14-RIPE
tech-c: NOC299-RIPE
abuse-c: NOC299-RIPE
mnt-routes: TAMATYA-MNT
mnt-domains: TAMATYA-MNT
mnt-domains: ISI1
mnt-domains: ISI1
status: ASSIGNED PA
mnt-by: AZ39139-MNT
mnt-by: MNT-LIR-BG
mnt-by: TAMATYA-MNT
mnt-by: ISI1
created: 2019-11-08T10:06:48Z
last-modified: 2022-01-06T09:38:49Z
source: RIPE

organisation: ORG-ISI14-RIPE
org-name: Internet Solutions & Innovations LTD.
country: SC
reg-nr: 210796
org-type: OTHER
address: National Cultural Centre 865 P.O. Box 1494, Victoria Mahe, Seychelles
abuse-c: NOC299-RIPE
mnt-ref: ISI1
mnt-ref: IPI
mnt-ref: PITLINE-MNT
mnt-by: ISI1
created: 2019-11-02T10:45:37Z
last-modified: 2026-05-13T05:42:20Z
source: RIPE # Filtered

role: Network Operations Centre
remarks: ****** FOR ABUSE ISSUES PLEASE CONTACT: [email protected] ******
address: National Cultural Centre 865 P.O. Box 1494, Victoria Mahe, Seychelles
abuse-mailbox: [email protected]
nic-hdl: NOC299-RIPE
mnt-by: ISI1
created: 2019-11-02T10:37:19Z
last-modified: 2021-01-26T08:48:43Z
source: RIPE # Filtered

route: 79.124.62.0/24
origin: AS207812
mnt-by: Tamatiya
mnt-by: TAMATYA-MNT
created: 2019-11-20T19:53:42Z
last-modified: 2019-11-20T19:53:42Z
source: RIPE

route: 79.124.62.0/24
origin: AS50360
mnt-by: Tamatiya
mnt-by: TAMATYA-MNT
created: 2019-11-04T19:13:06Z
last-modified: 2019-11-04T19:13:06Z
source: RIPE
references
https://list.rtbh.com.tr/output.txt, https://redpiranha.net, https://arcticwolf.com/resources/blog/password-spraying-activity-targeting-various-vpn-appliances-firewalls-and-other-public-web-based-applications/, https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html

IOC Journey

medium
First detected 4 years ago · Last seen 28 days ago
Appeared in 19 threat reports