IPMediumSignal 39/100
103.230.120.238
Location
Bangkok, Yala
ASN
AS58955
Bangmod Enterprise Co., Ltd.
First Seen
May 10, 2025
Last Seen
May 27, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Thailand
RegionBangkok, Yala
ASNAS58955
OrganizationBangmod Enterprise Co., Ltd.
Feed Intelligence Summary
15 reports39% confidence
15
Source reports
39%
Confidence score
Category tags
abuseaccess controlaccess control violationactive scanactive scanningapacheapache attacksapache vulnerability scanningasiaattackaustraliaauthenticationauthentication abuseauthentication attackauthentication failureauthentication failuresauthentication logsautomated attackautomated threatbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcec2 communicationc2 servercisco devicecliftoncommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostscowrie honeypotcredential accesscredential harvestingcredential stuffingcredentialsdata exfiltrationdata store exposuredata theftddosdecoy systemdenial of servicedevice managementdistributed attacksenterprise networkingeuropeexploitationexploitation activityexploitation attemptexploited hostexternal remote servicesfail2ban logsfail2ban triggeredfailed login attemptsfinlandfranceftp brute forceftp brute-forcegb_hosted_servergermanyhackinghoneynet connecthoneytrap honeypothong konghttp brute forceidentity & access exploitationindicatorindonesiainformation technologyinitial accessinjection activityiocit infrastructurelamplateral movementlogin attacklogin attemptlogin failuresmailmalaysiamalicious activitymalicious softwaremalwaremalware distributionmod securitymodsecurity alertsmodsecurity attacksnetworknetwork accessnetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork trafficnetwork traffic analysisnorth americanoticeoceaniapassword attackpassword attacksphishingphishing attackpolandpossible ddos preparationprocess injectionprotocol exploitationpublic-facing applicationreconnaissanceredpiranha referenceremote accessremote servicesresearchedscanscannerscannersscanning activitysecurity eventsecurity incidentsecurity operationsserver securityservice enumerationservice scansftp attacksmb brute forcesmtp brute forcesocial engineeringsoftware developmentspamsshssh attackssh monitoringt1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1573t1573.001t1588t1588.004t1589t1592t1595t1595.001t1595.002t1595.003tcp protocoltcp scantelecommunicationstelnet threatththailandthreat actorthreat detectionthreat intelligencetor nodeudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunited kingdomunited statesvoipvulnerability scanweb application attackweb attacksweb brute forceweb exploitationwordpress brute force
Activity Timeline
May 27May 27
Threat Activity Heatmap
· Peak: 2026-05-27LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
15
Reports
First seenMay 10, 2025
Last seenMay 27, 2026
GeolocationTH
CountryThailand
LocationBangkok, Yala
ASNAS58955
OrgBangmod Enterprise Co., Ltd.
Coords6.5400, 101.2810
VirusTotal
Not checked
WHOIS
- description
- Honeypot
- raw
- inetnum: 103.230.120.0 - 103.230.120.255 netname: BANGMOD-TH descr: Bangmod Enterprise Co., Ltd. country: TH admin-c: HM20-AP tech-c: HM20-AP abuse-c: AB1114-AP status: ALLOCATED NON-PORTABLE mnt-by: MAINT-BANGMODENTERPRISE-TH mnt-irt: IRT-BANGMODENTERPRISE-TH last-modified: 2023-04-28T05:03:48Z source: APNIC irt: IRT-BANGMODENTERPRISE-TH address: Bangmod Enterprise Co., Ltd. e-mail: [email protected] abuse-mailbox: [email protected] admin-c: BEA2-AP tech-c: BEA2-AP auth: # Filtered remarks: [email protected] was validated on 2025-07-01 remarks: [email protected] was validated on 2025-08-18 mnt-by: MAINT-BANGMODENTERPRISE-TH last-modified: 2025-09-04T06:59:33Z source: APNIC role: ABUSE BANGMODENTERPRISETH country: ZZ address: Bangmod Enterprise Co., Ltd. phone: +000000000 e-mail: [email protected] admin-c: BEA2-AP tech-c: BEA2-AP nic-hdl: AB1114-AP remarks: Generated from irt object IRT-BANGMODENTERPRISE-TH remarks: [email protected] was validated on 2025-07-01 remarks: [email protected] was validated on 2025-08-18 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-08-18T13:40:10Z source: APNIC role: APNIC Hostmaster address: 6 Cordelia Street address: South Brisbane address: QLD 4101 country: AU phone: +61 7 3858 3100 fax-no: +61 7 3858 3199 e-mail: [email protected] admin-c: AMS11-AP tech-c: AH256-AP nic-hdl: HM20-AP remarks: Administrator for APNIC notify: [email protected] mnt-by: MAINT-APNIC-AP last-modified: 2013-10-23T04:06:51Z source: APNIC route: 103.230.120.0/24 origin: AS58955 descr: Bangmod Enterprise Co., Ltd. 145/18-19 Hong Tower FL.2 Room A.201 Bangkhuntian-Chaitalay Rd., Samaedum mnt-by: MAINT-BANGMODENTERPRISE-TH last-modified: 2023-10-31T05:30:37Z country: TH source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-18/, https://jamesbrine.com.au, https://redpiranha.net, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-12/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports