Threat LevelCRITICAL87/1003 rule types across 3 attack categories
15 incidents · 3 rule types · active attacker + blocklisted · 15 attacks/day · seen 17h ago · bulletproof hosting
| PTR | N/A |
| Org / ASN | Techoff SRV Limited |
| Country | 🇦🇩 Andorra |
| City | Andorra la Vella, Andorra la Vella |
| Timezone | Europe/Andorra |
Bulletproof HostingTechoff SRV Limited (AS48090)
Techoff SRV Limited is a shell-company bulletproof hosting provider exposed in Team Cymru's "Jingle Shells" investigation as using a London virtual office shared with over 1,000 co-registered companies to fabricate legitimacy. Its entire autonomous system (AS48090) is listed on Spamhaus ASN-DROP, indicating the network is leased exclusively for criminal purposes. Individual IPs accumulate thousands of independent abuse reports for webshell scans, backup file probes, SSH brute force, and bot floods.
Attack Analysis
IDS: Blocklist — Spamhaus DROP
This IP is on the Spamhaus DROP list — a dataset of netblocks hijacked or leased by professional spam and cybercrime operations with no legitimate users. Traffic from DROP-listed ranges is considered hostile by design. Blocking is unconditional.
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
IDS: Database Port Scan
Suricata detected this IP scanning database ports (MySQL, PostgreSQL, Redis, MongoDB). This is reconnaissance to find exposed database services for direct exploitation or credential brute-force. Database ports should never be reachable from the internet.
Reports (15)
| Date | Severity | Description |
|---|---|---|
| 21 Jun 2026 - 07:41 | medium | IDS: Suricata alert — GPL SNMP public access udp |
| 21 Jun 2026 - 07:33 | medium | IDS: Suricata alert — GPL SNMP public access udp |
| 21 Jun 2026 - 07:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 06:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 05:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 04:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 03:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 02:08 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 01:07 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
| 21 Jun 2026 - 00:48 | high | IDS: Database port scan — ET SCAN Suspicious inbound to MSSQL port 1433 |
| 21 Jun 2026 - 00:40 | high | IDS: Database port scan — ET SCAN Suspicious inbound to PostgreSQL port 5432 |
| 21 Jun 2026 - 00:31 | high | IDS: Database port scan — ET SCAN Suspicious inbound to Oracle SQL port 1521 |
| 21 Jun 2026 - 00:22 | high | IDS: Database port scan — ET SCAN Suspicious inbound to mySQL port 3306 |
| 21 Jun 2026 - 00:17 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 21 Jun 2026 - 00:09 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 16 |
EagleEye Intelligence