93.123.109.127

Summary (Bottom Line Up Front)

Malicious activity detected from 93.123.109.127 (NL, AS48090). 629 events observed across SMTP, TCP. AI verdict: NOISE.

Activity Timeline
INITIAL REPORT 2026-06-05T08:31:38Z
Source: Analyst Manual Entry
Malicious activity detected from 93.123.109.127 (NL, AS48090). 629 events observed across SMTP, TCP. AI verdict: NOISE.
Technical details
Protocols: SMTP, TCP
Attack types: CREDENTIAL_CAPTURE, EXPLOIT, SMTP_PROBE, AI_DETECTED
Unique destination ports: 1
Active window: 2026-05-29 22:51:55.907233 to 2026-06-05 10:24:49.598991
Top patterns: auth, auth_login_creds, suricata_sid_2400014, claude_smtp_ehlo_reconnaissance, claude_smtp_generic_ehlo_probe
IOCs
IP:93.123.109.127
ASN:48090
COUNTRY:NL
Recommendations
  • Block 93.123.109.127 at perimeter firewall
  • Monitor other traffic from AS48090
  • Review correlated attacker profiles for campaign links