IOC Radar
IP · Medium · Signal 83/100

103.163.215.10

Location
Vietnam
Phú Lâm, Hanoi
ASN
AS131366
Dong Hung PHU Company Limited
First Seen
Jun 10, 2025
Last Seen
Jun 6, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

76 techniques

Network Information

Country: VN (Vietnam)
Region: Phú Lâm, Hanoi
ASN: AS131366
Organization: Dong Hung PHU Company Limited

Feed Intelligence Summary

Source reports: 25
Confidence score: 83%
Category tags
abuseaccess attemptsaccess controlaccount compromiseactive scanactive scanninganomalous network connectionsapacheapache attackerapache attacksapache vulnerability scanningasiaattackaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication failureauthentication failuresauthentication-attemptsauthentication_bypassauthentication_failuresautomated attackautomated attacksautomated botnet activityautomated threatbad reputationbad web botblock listblock.txtblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute-forcebruteforce ipsc2c2 communicationc2 serverchina mobilecisco devicecisco device attackcliftoncloud infrastructurecloud infrastructure attackcloud servicescolumnscommand & controlcommand and controlcommunication protocolcompany limitedcompromised credentialscompromised hostcompromised hostscompromised systemscowrie datacowrie honeypotcredential accesscredential access attemptscredential attackcredential harvestingcredential stuffingcredential-stuffingcredential_stuffingdaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase attackdatabase securityddosddos attackddos attacksddos preparationddos preventiondecoy systemdenial of servicedenial-of-servicedenial-of-service attemptdevice managementdigital oceandionaea honeypotdistributed attacksemerging threatsenterprise networkingenumerationeu cyber policieseuropeexecutable fileexploitexploit attemptsexploitationexploitation activityexploitation attemptsexploitation of privilegeexploited hostexternal scanningfail2ban alertfail2ban alertsfail2ban eventfail2ban logsfail2ban triggeredfailed authenticationfailed loginfailed login attemptsfattfilefinlandfranceftpftp brute forceftp brute-forcegermanyhackinghk abusehandlerhoneynet connecthoneytrap honeypothong konghttp brute 
forcehttp request anomalieshttp scannerhttp scanninghttp/shttpshurricane usidentity & access exploitationindiaindicatorindonesiainformation technologyinfrastructure reconnaissanceinitial accessinjection activityinjection attacksinternet-wide scanintrusion attemptsintrusion detectionintrusion preventioniociot securityiot targetedip-addressesipv4ipv4 port scanningipv4_addressit infrastructurejapanjapan targetlamplamp server targetinglamp stack targetinglateral movementlinux server targetinglinux-server-attackslogin attacklogin attackslogin attemptlogin attemptslogin brute forcelogin brute-forcelogin failuremailmailoney honeypotmalaysiamalicious activitymalicious file transfermalicious ip activitymalicious ip listmalicious loginmalicious script executionmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-activitymalwaremalware behaviourmalware capturemalware distributionmod securitymodsecurity alertsmodsecurity attacksnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork traffic analysisnetwork_service_exploitationnorth americanoticenull scanobserved malicious activityoceaniap0fpassword attackpassword attackspassword sprayingpassword-guessingpassword_guessingpgp signphishingphishing attackphishing trapping of deathpolandport-scanningpossible botnet activitypossible malware distributionpotential botnetprocess injectionprotocol exploitationpublicly accessible infrastructureransomwarereconnaissancereconnaissance activityregional securityremote accessremote access attacksremote access attemptremote access attemptsremote servicesremote_accessresearchedresource hijackingscanscannerscannersscanning activitysecurity eventsecurity operationssecurity policysensor-taggedsentrypeer botnetserver 
securityservice discoveryservice exploitationservice scanservice scanningsftp access attemptsftp attacksftp exploitation attemptsshell command executionsingaporesmb brute forcesmtpsmtp brute forcesmtp scanningsocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh monitoringssh protocolsyn scansystem accesst1005t1016t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1021.008t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1071.004t1076t1078t1078.004t1083t1087t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1119t1133t1189t1190t1195t1203t1204t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1550t1550.002t1552.001t1563t1565t1566t1566.001t1566.002t1566.003t1573t1573.001t1588.002t1588.004t1589t1590t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantcp/22telecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventiontimeouttokyotop10.txttopips.txttor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunauthorized login attemptsunited kingdomunited statesus abuseus noneutc+1:00vietnamvnvoipvoip attackvpsvulnerability scanweb app attackweb application attackweb attacksweb brute forceweb exploitweb exploitationweb spamweb trafficwordpress brute forcexmas scan

Activity Timeline

1 total obs, Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 83
Confidence: 83%
Reports: 25
First seen: Jun 10, 2025
Last seen: Jun 6, 2026
Geolocation: VN
Country: Vietnam
Location: Phú Lâm, Hanoi
ASN: AS131366
Org: Dong Hung PHU Company Limited
Coords: 20.9388, 105.7560

VirusTotal

Not checked

WHOIS

description
Honeypot

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 25 threat reports