IOC Radar
IPMediumSignal 80/100

93.123.118.208

Location
NetherlandsNetherlands
Eygelshoven, 22
ASN
AS209630
Ipxo
First Seen
Aug 19, 2023
Last Seen
Jun 6, 2026
Aug 19
First Seen
1030d ago
Jun 6
Last Seen
9d ago
17
Reports
source reports
80%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryNLNetherlands
RegionEygelshoven, 22
ASNAS209630
OrganizationIpxo

IP Category

Proxy
Proxy server

Feed Intelligence Summary

17 reports80% confidence
17
Source reports
80%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningadbhoney honeypotaptasiaattackaustraliaautomated attackautomated attacksautomated threatsautomated-attackautomated_attackbad reputationbad web botbgbotnetbotnet activitybotnet-driven attack activitybrute forcebrute force attackbrute force attackerbrute-forcebrute_forcebrute_force_attackbulgariacanadaciscocisco asacisco devicecisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud servicescloud-infrastructurecloud_infrastructurecommand and controlcommunication protocolcowriecowrie honeypotcredential accesscredential compromisecredential harvestingcredential stuffingcredential-bruteforcingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdictionary attackdigital oceandigitalocean environmentdionaeadionaea honeypotdistributed attacksemailencryptionendpoint probeenterprise networkingeuropeexploitexploit attemptexploitationexploitation activityexploited hostexternal-scanningexternal-threatexternal_threatfattfranceftpftp attacksftp brute forceglobalprotecthackinghoneytrap datahoneytrap honeypothttp brute forcehttp scannerhttpsidentity & access exploitationindicatorindicators of compromiseinitial access vectorinitial_accessinjection activityinjection attacksinternet-facinginternet-facing serviceinternet-wide scaninternet_wide_scanintrusion detectioniocsiot securityiot targetediot vulnerabilitiesip-addressesipv4ipv4-addressesipv4_activityipv4_addressipv4_indicatorsjapanlamplamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious ipsmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturenetherlandsnetworknetwork discoverynetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesnetwork traffic analysisnetwork-reconnaissancenetwork_discoverynetwork_reconnaissancenlnorth americaoceaniaopportunistic-attackp0fpalo alto networkspan-ospanos-globalprotectpassword attacksphishingphishing attackphishing trapping of deathport-scanningportscanpotential compromiseprocess injectionprotocol exploitationproxyransomwarerdp scanningreconnaissanceremote accessremote code executionremote servicesresearchedresource hijackingreverse proxyrevproxyscannerscanner ipsscannersscanning activitysecurity operationssensor-taggedsentrypeer botnetsentrypeer detectionservice scansftpsftp attacksipsip scanningsmtpsocial engineeringspamsql injectionsshssh attackssh attacksssh monitoringssh scanningsystem accesst1018t1021t1021.001t1021.002t1040t1041t1046t1055t1059t1059.003t1059.004t1068t1071t1071.001t1076t1077t1078t1090t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1589t1590t1590.004t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp-scanningtelecommunicationstelnet attackstelnet threatthreat actorthreat detectionthreat intelligencetokyotor nodetpotudp-scanningunauthorized accessunauthorized access attemptunknown threat actorvoipvoip attackvulnerability scanvultrweb app attackweb application attackweb exploitweb exploitationweb service scanningweb spamweb trafficweb-exploit

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
80
SIGNAL
Signal Score
80%
Confidence
17
Reports
First seenAug 19, 2023
Last seenJun 6, 2026
GeolocationNL
CountryNetherlands
LocationEygelshoven, 22
ASNAS209630
OrgIpxo
Coords42.6951, 23.3250
Proxy

VirusTotal

Not checked

WHOIS

raw
inetnum: 93.123.118.0 - 93.123.118.254 netname: IPXO-NET country: EU geofeed: https://geofeed.ipxo.com/geofeed.txt admin-c: PC18897-RIPE tech-c: PC18897-RIPE abuse-c: PC18897-RIPE status: SUB-ALLOCATED PA remarks: End User Organization mnt-domains: netutils-mnt mnt-routes: netutils-mnt mnt-by: MNT-NETERRA created: 2025-10-01T08:24:48Z last-modified: 2025-10-01T08:24:48Z source: RIPE role: Private Customer address: Private Residence nic-hdl: PC18897-RIPE remarks: End User Organization abuse-mailbox: [email protected] mnt-by: netutils-mnt created: 2023-12-29T08:37:59Z last-modified: 2024-12-05T09:42:07Z source: RIPE # Filtered
references
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-16/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-13/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/webexploit-panos-globalprotect-ip-list-2026-02-22/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 9 days ago
Appeared in 17 threat reports