IP · Medium · Signal 69/100
93.123.109.165
Location
Andorra la Vella, Andorra la Vella
ASN
AS48090
Techoff SRV Limited
First Seen
May 13, 2025
Last Seen
Jun 12, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Andorra
Region: Andorra la Vella, Andorra la Vella
ASN: AS48090
Organization: Techoff SRV Limited
IP Category
VPN
VPN exit node
Feed Intelligence Summary
23 source reports · 69% confidence score
Category tags
Activity Timeline
Jun 12
Threat Activity Heatmap (peak: 2026-06-12)
Activity by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Coords: 42.5063, 1.5218
VirusTotal
Not checked
WHOIS
- description
- Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 93.123.109.165 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 2 times when connecting to mdms1 between 2026-04-17 13:45 and 2026-04-17 13:45 UTC.
- raw
  inetnum: 93.123.109.0 - 93.123.109.255
  netname: TECHOFF_SRV_LIMITED
  descr: TECHOFF_SRV_LIMITED
  org: ORG-TSL73-RIPE
  country: AD
  admin-c: AD18161-RIPE
  tech-c: AD18161-RIPE
  mnt-domains: TECHOFF-MNT
  mnt-routes: TECHOFF-MNT
  status: ASSIGNED PA
  mnt-by: MNT-NETERRA
  created: 2025-02-24T11:41:37Z
  last-modified: 2025-02-24T11:41:37Z
  source: RIPE

  organisation: ORG-TSL73-RIPE
  org-name: TECHOFF SRV LIMITED
  country: GB
  org-type: OTHER
  address: 35 Firs Avenue, London N11 3NE
  abuse-c: AD18161-RIPE
  mnt-ref: TECHOFF-MNT
  mnt-ref: MNT-NETERRA
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:01:40Z
  last-modified: 2024-11-26T15:22:33Z
  source: RIPE # Filtered

  role: ABUSE DEP
  address: 35 Firs Avenue, London N11 3NE
  abuse-mailbox: [email protected]
  nic-hdl: AD18161-RIPE
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:00:28Z
  last-modified: 2024-11-21T09:45:52Z
  source: RIPE # Filtered

  route: 93.123.109.0/24
  origin: AS48090
  mnt-by: TECHOFF-MNT
  created: 2025-03-14T18:56:29Z
  last-modified: 2025-03-14T18:56:29Z
  source: RIPE
IOC Journey
Medium · First detected 1 year ago · Last seen 13 days ago
Appeared in 23 threat reports