IP · Medium · Signal 100/100
103.124.94.57
Location
Đống Đa, Vĩnh Phúc Province
ASN
AS131353
NhanHoa Software company
First Seen
May 8, 2025
Last Seen
Jun 7, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Vietnam
Region
Đống Đa, Vĩnh Phúc Province
ASN
AS131353
Organization
NhanHoa Software company
Feed Intelligence Summary
25 reports · 99% confidence
25
Source reports
99%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 25
First seen: May 8, 2025
Last seen: Jun 7, 2026
Geolocation: VN
Country: Vietnam
Location: Đống Đa, Vĩnh Phúc Province
ASN: AS131353
Org: NhanHoa Software company
Coords: 21.0144, 105.8140
VirusTotal
Not checked
WHOIS
- description
- Honeypot
IOC Journey
Medium · First detected 1 year ago · Last seen 6 days ago
Appeared in 25 threat reports