IP · Medium · Signal 59/100
103.143.72.165
Location
Chiyoda City, Tokyo
ASN
AS138152
Gaaishing Industrial Holdings Limited
First Seen
Nov 28, 2023
Last Seen
Jun 8, 2026
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Japan
Region: Chiyoda City, Tokyo
ASN: AS138152
Organization: Gaaishing Industrial Holdings Limited
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
35 reports · 59% confidence
35
Source reports
59%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
59
SIGNAL
Signal Score
59%
Confidence
35
Reports
First seen: Nov 28, 2023
Last seen: Jun 8, 2026
Geolocation: JP
Country: Japan
Location: Chiyoda City, Tokyo
ASN: AS138152
Org: Gaaishing Industrial Holdings Limited
Coords: 35.6940, 139.7540
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
IOC Journey
medium · First detected 2 years ago · Last seen 5 days ago
Appeared in 35 threat reports