IOC Radar
IP | Medium | Signal 59/100

93.123.109.35

Location: Andorra (Andorra la Vella, Andorra la Vella)
ASN: AS48090 (Techoff SRV Limited)
First Seen: Mar 27, 2025 (440d ago)
Last Seen: May 31, 2026 (10d ago)
Reports: 20 source reports
Confidence: 59% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

91 techniques

Network Information

Country: AD (Andorra)
Region: Andorra la Vella, Andorra la Vella
ASN: AS48090
Organization: Techoff SRV Limited

IP Category

Proxy: Proxy server

Feed Intelligence Summary

Category tags

Activity Timeline

1 total observation, May 31

Threat Activity Heatmap

[Heatmap: daily activity by month; peak 2026-05-31]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Coords: 42.5063, 1.5218

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
