IOC Radar
IPMediumSignal 100/100

103.81.85.49

Location
VietnamVietnam
Hanoi, Hanoi
ASN
AS140825
HOSTINGVIET
First Seen
Jul 8, 2025
Last Seen
May 27, 2026
Jul 8
First Seen
337d ago
May 27
Last Seen
14d ago
18
Reports
source reports
99%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

74 techniques

Network Information

CountryVNVietnam
RegionHanoi, Hanoi
ASNAS140825
OrganizationHOSTINGVIET

Feed Intelligence Summary

18 reports99% confidence
18
Source reports
99%
Confidence score
Category tags
abnormal network trafficabuseaccess controlaccount compromiseactive scanactive scanninganomalous network connectionsapacheapache attacksapache vulnerability scanningasiaattackattack originattack origin: malaysiaattack sourceattacker hostattacker infrastructureaustraliaauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureautomated threatbad reputationbad web botblock listblock.txtbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcec2c2 communicationchina mobilecisco devicecliftoncloud infrastructurecloud infrastructure attackcloud servicescode executioncolumnscommand & controlcommand and controlcommand executioncommand injection attemptcommunication protocolcompany limitedcompromised hostcompromised systemscowrie honeypotcredential accesscredential brute-forcingcredential harvestingcredential stuffingcredential stuffing attemptsdaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedenial-of-service attemptdevice managementdionaea honeypotdirectory traversal attemptdistributed attacksenterprise networkingenumerationeuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploitationexploitation activityexploitation attemptsexploited hostexternal scanfail2ban triggeredfailed loginfattfinlandfranceftpftp brute forceftp brute-forcegermanyhackinghk abusehandlerhoneynet connecthoneytrap honeypothong konghttp brute forcehttp request anomalieshttp scannerhttp scanninghurricane usidentity & access exploitationindicatorindonesiainformation gatheringinformation technologyinitial accessinjection activityinjection attacksintrusion detectioniociot securityiot targetedit infrastructurelamplateral movementlogin attacklogin attemptlogin attemptslogin brute forcemailmailoney honeypotmalaysiamalicious activitymalicious ip activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware distributionmalware downloadmod securitymodsecurity alertsmodsecurity attacksnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probenetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnorth americanoticeobserved malicious activityoceaniap0fp0f passive fingerprintingpassword attackpassword attackspassword crackingpassword sprayingpgp signphishingphishing attackphishing trappolandpossible botnet activitypossible malware distributionpotential intrusion attemptpotential malware uploadprocess injectionprotocol exploitationransomwarereconnaissancereconnaissance activityremote accessremote servicesresearchedresource hijackingscanscannerscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer botnetservice scansftp attacksmb brute forcesmtpsmtp brute forcesmtp scanningsocial engineeringsocradar honeypotsoftware developmentsoftware exploitationsql injection attemptsshssh attackssh monitoringsuricata alertst1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1119t1133t1187t1189t1190t1195t1203t1204t1204.002t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505t1562t1563t1565t1566t1566.001t1566.002t1566.003t1573t1573.001t1589t1589.002t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventiontimeouttop10.txttopips.txttor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized activityunited kingdomunited statesus abuseus noneutc+1vietnamvnvoipvoip attackvulnerability scanvultr infrastructureweb application attackweb attacksweb brute forceweb exploitationweb shell attemptweb trafficwordpress brute force

Activity Timeline

1 total obs
May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
18
Reports
First seenJul 8, 2025
Last seenMay 27, 2026
GeolocationVN
CountryVietnam
LocationHanoi, Hanoi
ASNAS140825
OrgHOSTINGVIET
Coords21.0376, 105.7640

VirusTotal

Not checked

WHOIS

description
Honeypot
raw
inetnum: 103.81.84.0 - 103.81.87.255 netname: HOSTINGVIET-VN descr: Thien Quang Digital technology joint stock company descr: Room 11A8 Sunsquare , No 21 Le Duc Tho, Nam Tu Liem, Ha Noi city admin-c: NNT23-AP tech-c: NNT23-AP country: VN mnt-by: MAINT-VN-VNNIC mnt-lower: MAINT-VN-VNNIC mnt-irt: IRT-VNNIC-AP mnt-routes: MAINT-VN-VNNIC status: ALLOCATED PORTABLE last-modified: 2018-01-17T06:53:26Z source: APNIC irt: IRT-VNNIC-AP address: Ha Noi, VietNam phone: +84-24-35564944 fax-no: +84-24-37821462 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: NTTT1-AP tech-c: NTTT1-AP auth: # Filtered mnt-by: MAINT-VN-VNNIC last-modified: 2017-11-08T09:40:06Z source: APNIC person: Nguyen Ngoc Thu address: HOSTINGVIET-VN country: VN phone: +84-982786415 e-mail: [email protected] nic-hdl: NNT23-AP mnt-by: MAINT-VN-VNNIC last-modified: 2016-12-07T09:37:43Z source: APNIC route: 103.81.85.0/24 descr: HOSTINGVIET-VN origin: AS140825 mnt-by: MAINT-VN-VNNIC last-modified: 2022-07-27T16:22:12Z source: APNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 14 days ago
Appeared in 18 threat reports