IOC Radar
IP · Medium · Signal 32/100

93.123.109.20

Location: Andorra la Vella, Andorra la Vella, Andorra
ASN: AS48090 (Techoff SRV Limited)
First Seen: Mar 25, 2025 (455d ago)
Last Seen: Jun 9, 2026 (14d ago)
Reports: 19 source reports
Confidence: 32% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 32%
Signal Score: 32 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: AD (Andorra)
Region: Andorra la Vella, Andorra la Vella
ASN: AS48090
Organization: Techoff SRV Limited

Feed Intelligence Summary

19 reports · 32% confidence

Activity Timeline

1 total obs
Jun 9 to Jun 9

Threat Activity Heatmap

Peak: 2026-06-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 32
Confidence: 32%
Reports: 19
First seen: Mar 25, 2025
Last seen: Jun 9, 2026
Geolocation: AD
Country: Andorra
Location: Andorra la Vella, Andorra la Vella
ASN: AS48090
Org: Techoff SRV Limited
Coords: 42.5063, 1.5218

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by the Rimba Siber honeypot.


IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 19 threat reports