IOC Radar
IP · Medium · Signal 54/100

103.230.220.148

Location: India (Mumbai, MH)
ASN: AS150027 (Sampark Estates Pvt. Ltd.)
First Seen: May 26, 2024 (741d ago)
Last Seen: May 12, 2026 (26d ago)
Reports: 18 source reports
Confidence: 54% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

51 techniques

Network Information

Country: IN (India)
Region: Mumbai, MH
ASN: AS150027
Organization: Sampark Estates Pvt. Ltd.

Feed Intelligence Summary

Source reports: 18
Confidence score: 54%
Category tags
abuse, access, access control, account compromise, active scan, active scanning, adbhoney honeypot, apt, asia, attack, australia, australia network, auto-generated security, automated attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute-force, brute_force, c2, cert, cisco device, cisco exploitation, cisco exploitation attempts, civil services, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, communication protocol, compromised system, connect, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, digital ocean, dionaea, dionaea activity, dionaea honeypot, dionaea payloads, distributed attacks, email, encryption, enterprise networking, exfiltration, exploit, exploit attempt, exploit attempts, exploitation, exploitation activity, exploitation attempt, exploitation of privilege, exploited host, external scanning, fatt, fatt detections, ftp, ftp brute force, government technology, groups, hacking, honeytrap events, honeytrap honeypot, http brute force, http scanner, ics security, identity & access exploitation, in, india, indicator, industrial control systems, information technology, initial access, initial_access, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack, it infrastructure, japan, lamp, lamp exploitation, lamp exploitation attempts, lateral movement, mailoney activity, mailoney events, mailoney honeypot, malicious activity, malicious payload attempts, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware download, mirai botnet, mssql, network, network activity, network attacks, network infrastructure, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network_intrusion, north america, oceania, opencti, p0f, p0f signatures, password attack, password attacks, phishing, phishing attack, phishing trap, possible malware propagation, potential malware distribution, process injection, protocol exploitation, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, remote access, remote service exploitation, remote services, researched, resource hijacking, scan, scanner, scanner activity, scanners, scanning activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer events, service discovery, sftp, sftp access attempts, sftp attack, sftp attempt, sftp attempts, sip, sip brute force, sip scanning, slug, smtp, smtp brute force, smtp probing, social engineering, socradar, software development, software exploitation, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh scanning, surface web, suricata alerts, t1003, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1053, t1055, t1056, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1588, t1589, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner events, targeting database, tcp, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, threat_activity, tokyo, tor node, tpot, udp scan, united states, unknown threat actor, voip, voip attack, vulnerability scan, vulnerability-exploitation, web application attack, web attack, web exploitation, web shell uploads, web spam, web traffic

Activity Timeline

1 total observation (May 12)

Threat Activity Heatmap

Peak: 2026-05-12
[Heatmap: activity by weekday, June through May; scale from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk)
Signal Score: 54
Confidence: 54%
Reports: 18
First seen: May 26, 2024
Last seen: May 12, 2026
Geolocation: IN
Country: India
Location: Mumbai, MH
ASN: AS150027
Org: Sampark Estates Pvt. Ltd.
Coords: 19.0748, 72.8856

VirusTotal

Not checked

WHOIS

description
2025-02-18T08:46:34.918Z Honeypot : Dionaea : Source: 103.230.220.148 : Port: 1433 Connection: {'protocol': 'mssqld', 'type': 'accept', 'transport': 'tcp'}
raw
inetnum: 103.230.220.0 - 103.230.223.255
netname: SAMPARKESTATES
descr: SAMPARK ESTATES PVT. LTD.
admin-c: MB607-AP
tech-c: MA623-AP
country: IN
mnt-by: MAINT-IN-IRINN
mnt-lower: MAINT-IN-IRINN
mnt-irt: IRT-IN-SAMPARKESTATES
mnt-routes: MAINT-IN-SAMPARKESTATES
mnt-routes: MAINT-IN-IRINN
status: ALLOCATED PORTABLE
last-modified: 2025-08-11T22:52:11Z
source: APNIC

irt: IRT-IN-SAMPARKESTATES
address: 401, Akansha Apt. Sandu Wadi, Chembur, Mumbai
phone: +91-9819579933
fax-no: +91-2225281216
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: MB607-AP
tech-c: MA623-AP
auth: # Filtered
remarks: send spam and abuse report to [email protected]
irt-nfy: [email protected]
notify: [email protected]
mnt-by: MAINT-IN-SAMPARKESTATES
last-modified: 2025-09-05T00:04:40Z
source: APNIC

role: Manager Admin
address: 401, Akansha Apt. Sandu Wadi, Chembur, Mumbai
country: IN
phone: +91-9819579933
fax-no: +91-2225281216
e-mail: [email protected]
admin-c: MB607-AP
tech-c: MB607-AP
nic-hdl: MA623-AP
remarks: send spam and abuse report to [email protected]
notify: [email protected]
abuse-mailbox: [email protected]
mnt-by: MAINT-IN-SAMPARKESTATES
last-modified: 2014-05-05T10:54:34Z
source: APNIC

person: Mahendra Bisht
address: 401, Akansha Apt. Sandu Wadi, Chembur, Mumbai
country: IN
phone: +91-9819579933
fax-no: +91-2225281216
e-mail: [email protected]
nic-hdl: MB607-AP
remarks: send spam and abuse report to [email protected]
notify: [email protected]
abuse-mailbox: [email protected]
mnt-by: MAINT-IN-SAMPARKESTATES
last-modified: 2014-05-05T10:53:44Z
source: APNIC

route: 103.230.220.0/24
descr: SAMPARK ESTATES PVT. LTD.-Route Object
origin: AS133232
country: IN
remarks: send spam and abuse report to [email protected]
notify: [email protected]
mnt-routes: MAINT-IN-SAMPARKESTATES
mnt-by: MAINT-IN-SAMPARKESTATES
last-modified: 2014-05-06T11:02:02Z
source: APNIC

route: 103.230.220.0/24
descr: Route Object
country: IN
origin: AS150027
mnt-by: MAINT-IN-SAMPARKESTATES
last-modified: 2025-02-18T09:23:53Z
source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 2 years ago · Last seen 26 days ago
Appeared in 18 threat reports