IOC Radar
IP · Medium · Signal 35/100

103.149.194.109

Location: India (Delhi, National Capital Territory of Delhi)
ASN: AS140173 (Kavya Pvt Ltd)
First Seen: May 15, 2024 (760d ago)
Last Seen: May 30, 2026 (15d ago)
Reports: 9 source reports
Confidence: 35% (medium)
VirusTotal: 2/91 detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 35%
Signal Score: 35 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 31 techniques

Network Information

Country: IN (India)
Region: Delhi, National Capital Territory of Delhi
ASN: AS140173
Organization: Kavya Pvt Ltd

Feed Intelligence Summary

Source reports: 9
Confidence score: 35%
Category tags: active scan, active scanning, antispam, asia, attack, bad web bot, botnet, botnet activity, brute force, brute force attack, brute-force, command and control, communication protocol, compromised credentials, cowrie, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, data exfiltration, data exfiltration attempts, data store exposure, database security, ddos, decoy system, denial of service, dionaea, dionaea honeypot, dionaea interactions, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, exploitation activity, exploitation attempt, exploitation attempts, heralding attack pattern, identity & access exploitation, in, india, indicator, injection activity, iot security, lateral movement, log4j, malicious activity, malicious software, malware, malware behaviour, malware capture, malware deployment attempts, network, network intrusion attempts, network scanning, network security, password attacks, phishing, phishing attack, process injection, python script activity, reconnaissance, remote access, researched, resource hijacking, scanner, scanning activity, sentrypeer botnet, sftp, sftp access attempt, sftp attack, sip brute force, social engineering, spam, ssh, ssh attack, ssh monitoring, t1021, t1040, t1041, t1046, t1055, t1059, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1583, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, threat actor, threat intelligence, tor node, voip, voip attack, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs · May 30

Threat Activity Heatmap

[Heatmap figure not reproduced. Peak: 2026-05-30]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 35
Confidence: 35%
Reports: 9
First seen: May 15, 2024
Last seen: May 30, 2026
Geolocation: IN
Country: India
Location: Delhi, National Capital Territory of Delhi
ASN: AS140173
Org: Kavya Pvt Ltd
Coords: 20.0063, 77.0060

VirusTotal

2/91 vendors flagged
2% detection rate · Jun 7, 2026

WHOIS

description
2025-04-19T10:15:55.579Z Honeypot : Heralding : Source: 103.149.194.109 : Username/Password: aDMiN1221/password Port: 1080 Message: 2025-04-19 10:15:55.579166,bbcba2c8-7485-4934-8d38-50656d15ad76,da1ccdfa-e37f-457b-a1a9-25305a764eb5,103.149.194.109,49375,99.18.26.21,1080,socks5,aDMiN1221,password,
raw
inetnum: 103.149.194.0 - 103.149.195.255
netname: KISPLD
descr: Kavya Internet Services Pvt Ltd
admin-c: NA785-AP
tech-c: NA785-AP
country: IN
mnt-by: MAINT-IN-IRINN
mnt-lower: MAINT-IN-KISPLD
mnt-irt: IRT-KISPLD-IN
mnt-routes: MAINT-IN-KISPLD
status: ALLOCATED PORTABLE
last-modified: 2020-03-20T06:56:26Z
source: APNIC

irt: IRT-KISPLD-IN
address: 2086, Near Syndicate Bank, Alipur, Delhi-110036
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NA785-AP
tech-c: NA785-AP
auth: # Filtered
mnt-by: MAINT-IN-KISPLD
last-modified: 2020-03-20T07:03:46Z
source: APNIC

role: Network admin
address: 2086, Near Syndicate Bank, Alipur, Delhi-110036
country: IN
phone: +91 01127708384
e-mail: [email protected]
admin-c: KD277-AP
tech-c: KD277-AP
nic-hdl: NA785-AP
mnt-by: MAINT-IN-KISPLD
last-modified: 2024-10-16T05:28:12Z
source: APNIC

route: 103.149.194.0/23
descr: Kavya Internet Services Pvt Ltd
origin: AS140173
mnt-by: MAINT-IN-KISPLD
mnt-routes: MAINT-IN-KISPLD
last-modified: 2020-03-23T11:07:50Z
source: APNIC
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 15 days ago
Appeared in 9 threat reports