Severe Risk
IP 93.123.109.185 is a Bulgarian address operated by Techoff Srv Limited on ASN AS48090 that security analysts rate as a critical-risk asset, having accumulated 1,188 total abuse reports with a 10/10 threat level based on automated honeypot detections logged in August 2025. The 20 recent hacking-category reports across 20 distinct honeypot sensors indicate sustained, automated intrusion activity originating from this single endpoint over a compressed timeframe. Despite a moderate 59% confidence score, the sheer volume of detections makes this IP a clear candidate for immediate blocking at the network perimeter.
The reporting data places 93.123.109.185 squarely in the Bulgarian address space, specifically within infrastructure controlled by Techoff Srv Limited. All detections originated from automated honeypot sensors rather than organic community reports; honeypot data typically gives a more reliable signal because the detection environment is controlled. The concentration of 20 separate sensor detections in a single reporting period suggests an automated scanning or exploitation campaign rather than isolated manual probing, as the same attack infrastructure would need to interact with multiple distributed sensors to generate this pattern. The activity frequency metric of 0/10 may reflect the recent nature of the reports, indicating that the threat is actively ongoing rather than historical.
The dominant threat category — hacking activity — encompasses intrusion attempts, vulnerability exploitation, and unauthorized access scanning. In practical terms, this means 93.123.109.185 is likely running automated tools designed to discover exposed services, brute-force authentication credentials, or probe for known software vulnerabilities across targeted networks. The real-world risk includes potential account compromise, data exfiltration, or establishment of a persistent foothold if any weak or unpatched services are found. The high report volume combined with a critical threat rating confirms that this address has demonstrated clear malicious intent through concrete exploitation attempts.
Site operators should block 93.123.109.185 at the firewall or network edge immediately and consider blocking the prefixes announced by AS48090 if abuse patterns are concentrated within those ranges. Implementing automated blocking via tools such as fail2ban or CrowdSec can dynamically respond to repeated intrusion patterns from this source. All exposed services should be audited for patch currency, and multi-factor authentication should be enforced on any remote-access interfaces. Continuous monitoring for follow-on activity from adjacent IP ranges is recommended, as threat actors frequently rotate within allocated blocks.