IOC Radar
IP · Medium · Signal 72/100

103.102.230.6

Location: United States, Yakutsk, Sakha
ASN: AS62563 (mkr. Rostoshi)
First Seen: Jun 1, 2024 (750d ago)
Last Seen: Aug 5, 2025 (320d ago)
Reports: 18 source reports
Confidence: 72% (medium)
Found in 18 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 72 techniques

Network Information

Country: US (United States)
Region: Yakutsk, Sakha
ASN: AS62563
Organization: mkr. Rostoshi

Feed Intelligence Summary

Source reports: 18
Confidence score: 72%
Category tags: abuse, access control, ack scan, active scanning, apache, apache attacker, attack, botnet, brute force, brute force attack, brute force attacks, brute force attempts, ca, canada, cisco attack, cisco device, cisco device attack, cisco device targeting, cisco exploit attempt, cisco exploitation attempts, citrix attack attempt, citrix brute force, citrix exploitation attempt, citrix exploitation attempts, citrix security, code execution, command and control, command execution, communication protocol, compromised credentials, connect scan, cowrie, cowrie activity, cowrie honeypot, cowrie honeypot interaction, cowrie interactions, credential access, credential harvesting, credential stuffing, data exfiltration, database attack, database exploitation, ddos, ddos attempt, decoy system, defense evasion, denial of service, device management, dionaea activity, dionaea honeypot, dionaea interactions, distributed attacks, enterprise networking, enterprise security, enumeration, enumeration activity, exploit attempt, exploit scan, exploitation, exploitation of privilege, external scan, fin, fin port scan, fin scan, firewall detection, firewall probing, fr, ftp brute force, honeytrap honeypot, http brute force, http probe, http scanning, https probe, https scanning, icmp, icmp scan, imap brute force, indicator, information gathering, infrastructure acquisition, reconnaissance, initial access, internal scan, intrusion attempt, iot attack, lamp, lamp attack, lamp attack attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempts, lamp stack attack, lamp stack targeting, lateral movement, malicious activity, malicious login attempts, malicious payload, malicious scan, malicious software, malware, malware attempt, malware behaviour, malware capture, malware distribution attempt, manual, mass port scan, mass port scanning, mass scanning, masscan, masscan activity, mysql brute force, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion attempt, network intrusion attempts, network mapping, network port scanning, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network traffic analysis, nmap, nmap scan detected, north america, null port scan, null scan, open port detection, open port discovery, open port enumeration, open port identification, open ports, os detection, os fingerprinting, password attack, password attacks, phishing attack, pop3 brute force, possible malware distribution, possible malware probing, possible reconnaissance activity, possible vulnerability probing, possible vulnerability scan, possible vulnerability scanning, potential attack vector, potential botnet activity, potential exploit targeting, potential intrusion attempt, potential reconnaissance activity, potential threat, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, privilege escalation, process injection, protocol exploitation, ransomware probe, reconnaissance, reconnaissance activity, remote access, remote service exploitation, remote services, researched, scanner, scanning activity, scripting attacks, security event, security policy, security probing, service discovery, service enumeration, service version detection, sftp, sftp access attempts, sftp attack, sftp exploitation attempt, sip brute force, smb scanning, smtp brute force, social engineering, software exploitation, sql injection attempt, ssh, ssh attack, ssh monitoring, stealth scan, stealth scan techniques, surface web, sweep scan, syn, syn port scan, syn scan, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1053.005, t1055, t1057, t1059, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.004, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1189, t1190, t1199, t1203, t1204, t1204.002, t1210, t1213, t1486, t1496, t1499.001, t1499.002, t1499.003, t1539, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1583, t1587.001, t1588, t1588.002, t1589, t1589.002, t1590.001, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, tcp scan, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, unauthorized network activity, united states, unsolicited network probe, web application attacks, web attack, web exploitation, web server exploitation, xmas, xmas port scan, xmas scan, zmap

Activity Timeline

1 total observation, Aug 5 to Aug 5

Threat Activity Heatmap (weekly calendar grid, Jun through the following Jun; graphic not preserved): peak 2025-08-05
Recent activity:
24h: 0 (dormant)
7d: 0 (dormant)
30d: 0 (dormant)
3mo: 0 (dormant)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 18
First seen: Jun 1, 2024
Last seen: Aug 5, 2025
Geolocation: US
Country: United States
Location: Yakutsk, Sakha
ASN: AS62563
Org: mkr. Rostoshi
Coords: 62.0311, 129.7230

VirusTotal: Not checked

WHOIS

description:
2024-11-17T23:36:33.000Z Honeypot : Honeytrap : Source: 103.102.230.6 : Port: 7999 Message: {'payload': {'md5_hash': 'd41d8cd98f00b204e9800998ecf8427e', 'sha512_hash': 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e', 'length': 0, 'data_hex': ''}, 'protocol': 'tcp'}


IOC Journey (medium)

First detected 2 years ago, last seen 10 months ago. Appeared in 18 threat reports.