IOC Radar
IP · Medium · Signal 79/100

93.123.85.8

Location
Germany
Frankfurt am Main, England
ASN
AS58212
dataforest GmbH
First Seen
Oct 17, 2023 (971d ago)
Last Seen
May 19, 2026 (26d ago)
22
Reports
source reports
79%
Confidence
medium
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

56 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, England
ASN: AS58212
Organization: dataforest GmbH

Feed Intelligence Summary

22 source reports · 79% confidence score
Category tags
abuse; active scan; active scanning; ahmyth; amadey; amos; apk; arm; ascii; asyncrat; attack; backdoor; bad reputation; base64; base64-loader; bash; bitbucket; blankgrabber; botnet; botnet activity; boxter; braodo; brute force; bulgaria; c2; calls-wmi; checks-hostname; checks-memory-available; checks-user-input; cnc; coinminer; command & control; command and control; command execution; compromise ipv4; credential access; credential stuffing; cryptocurrency; data exfiltration; data store exposure; dcrat; ddos; ddos attacks; de; decoy system; detect-debug-environment; discordapp; discordrat; distributed attacks; dmg; donutloader; elf; emotet; encoded; europe; exe; executable file; exploit; exploitation activity; fake alert pdf; gafgyt; gb; geo; germany; gossrat; hajime; heodo; htaloader; identity & access exploitation; idle; indicator; infostealer; infrastructure acquisitionreconnaissance; ingress tool transfer; initial access; injection activity; internet of things; invokerbot; iot botnet; iot devices; iot security; iot/ics attack; ipv4 port; irata; irn; kmsactivator; l3mon; linux; lnk; loki; lokibot; long-sleeps; lummastealer; lunastealer; macos; malicious activity; malicious powershell activity; malicious software; malware; malxmr; manager; meduza; meduzastealer; mellat.apk; metasploit; meterpreter; mips; mirai botnet; mobile threat; monero; mozi; neshta; network; network scanning; network security; njrat; opendir; palestine, state of; peexe; phishing; polcert; process injection; protocol exploitation; purelogstealer; pyspy; pythonstealer; rat; reconnaissance; redir-302; rekoobe; remcos trojan; remote access; remote services; researched; rev-base64-loader; reverseshell; saint helena, ascension and tristan da cunha; scams & fraud; script; scripting attacks; scripting language; service scan; service-scan; shell; shellbot; shellscript; smsspy; ssh attack; ssh-communication; stealc; stealer; t1005; t1021.001; t1021.004; t1027; t1027.002; t1027.006; t1040; t1041; t1055; t1059.001; t1059.003; t1059.004; t1059.007; t1068; t1071; t1071.001; t1071.004; t1078; t1078.001; t1086; t1105; t1110.002; t1133; t1137; t1137.001; t1137.005; t1189; t1190; t1204; t1204.002; t1218; t1218.011; t1486; t1496; t1497; t1497.001; t1499.002; t1499.003; t1543; t1543.003; t1547; t1547.001; t1547.002; t1565; t1566; t1566.002; t1573; t1573.001; t1573.002; t1587.001; t1588; t1588.002; t1590.001; t1595.001; t1595.002; t1595.003; tedy; telnet threat; threat actor; threat intelligence; tor node; trojan malware; turtleloader; ua-safari; ua-wget; united kingdom; us-safari; valyria; venomrat; vidar; vulnerability scan; web application exploitation; web development; webshell; windows; xml-opendir; zip

Activity Timeline

1 total obs
May 19

Threat Activity Heatmap

Peak: 2026-05-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 22
First seen: Oct 17, 2023
Last seen: May 19, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, England
ASN: AS58212
Org: dataforest GmbH
Coords: 50.1169, 8.6837

VirusTotal

Not checked

WHOIS

raw
inetnum: 93.123.85.0 - 93.123.85.255
netname: DE-DATAFOREST-20080305
country: DE
org: ORG-HSG23-RIPE
admin-c: TS41522-RIPE
tech-c: TS41522-RIPE
geofeed: https://raw.githubusercontent.com/dataforestgmbh/geo/refs/heads/main/geofeed.csv
status: ALLOCATED PA
mnt-by: lir-de-dataforest-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2025-09-11T09:42:47Z
last-modified: 2025-09-11T13:15:38Z
source: RIPE

organisation: ORG-HSG23-RIPE
org-name: dataforest GmbH
country: DE
org-type: LIR
address: Taunusstraße 52
address: 65830
address: Kriftel
address: GERMANY
phone: +49619293992233
admin-c: TS41522-RIPE
tech-c: TS41522-RIPE
abuse-c: DG13264-RIPE
mnt-ref: lir-de-dataforest-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-de-dataforest-1-MNT
created: 2021-11-23T09:32:38Z
last-modified: 2023-02-10T15:36:17Z
source: RIPE # Filtered

person: Tim Lauderbach
org: ORG-DG236-RIPE
address: dataforest GmbH
phone: +4961929392233
nic-hdl: TS41522-RIPE
mnt-by: dataforest-MNT
created: 2023-01-05T18:37:12Z
last-modified: 2023-06-02T16:54:24Z
source: RIPE

route: 93.123.85.0/24
origin: AS58212
mnt-by: lir-de-dataforest-1-MNT
created: 2025-09-11T13:02:10Z
last-modified: 2025-09-11T13:02:10Z
source: RIPE

IOC Journey

medium
First detected 2 years ago · Last seen 26 days ago
Appeared in 22 threat reports