IOC Radar
IPMediumSignal 68/100

103.87.25.21

Location
IndiaIndia
Shāhābād, Haryana
ASN
AS136287
Falconet Internet Pvt. Ltd
First Seen
Jan 14, 2025
Last Seen
Nov 14, 2025
Jan 14
First Seen
516d ago
Nov 14
Last Seen
212d ago
6
Reports
source reports
68%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryINIndia
RegionShāhābād, Haryana
ASNAS136287
OrganizationFalconet Internet Pvt. Ltd

Feed Intelligence Summary

6 reports68% confidence
6
Source reports
68%
Confidence score
Category tags
active scanningadbhoney honeypotantispamasiaattackbad web botbotnetbrute forcebrute force attackbrute force attemptsbrute_forcecisco devicecisco exploitation attemptscommand and controlcommunication protocolconpot honeypotcowrie honeypotcredential accesscredential harvestingcredential stuffingcve scandata exfiltrationddos attackdecoy systemdenial of servicedevice managementdionaea honeypotdistributed attacksenterprise networkingexploit kit activityftpftp brute forceftp_bruteforcehttp brute forcehttp scannerhttp_scanhttps_scanics securityinindiaindicatorindustrial control systemsiot/ics attacklateral movementlog4jmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphishing attackphishing trappossible botnet activityprocess injectionprotocol exploitationreconnaissanceresearchedscannersftp attacksocial engineeringsql injection attemptssh attackssh monitoringssh_bruteforcet1021t1021.004t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertelnet threattelnet_bruteforcethreat actorthreat intelligenceunauthorized access attemptunited statesweb application attackweb exploitationweb shell attemptweb traffic

Activity Timeline

1 total obs
Nov 14Nov 14

Threat Activity Heatmap

· Peak: 2025-11-14
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
6
Reports
First seenJan 14, 2025
Last seenNov 14, 2025
GeolocationIN
CountryIndia
LocationShāhābād, Haryana
ASNAS136287
OrgFalconet Internet Pvt. Ltd
Coords30.4780, 77.1280

VirusTotal

Not checked

WHOIS

description
2025-07-05T02:59:10.196Z Honeypot : Heralding : Source: 103.87.25.21 : Username/Password: usER/asd123 Port: 1080 Message: 2025-07-05 02:59:10.196382,ed49fdc7-3aad-4fd8-a1cf-d85c697b8f8e,31f03296-de8a-4681-9f38-6db93c99a0af,103.87.25.21,51506,99.18.26.18,1080,socks5,usER,asd123,
raw
inetnum: 103.87.24.0 - 103.87.27.255 netname: FALCONET descr: Falconet Internet Pvt.ltd. admin-c: AK973-AP tech-c: MA1084-AP country: IN mnt-by: MAINT-IN-IRINN mnt-irt: IRT-FALCONET-IN mnt-routes: MAINT-IN-FALCONET status: ALLOCATED PORTABLE last-modified: 2017-03-03T06:38:02Z source: APNIC irt: IRT-FALCONET-IN address: plot no.1241,sector 9,Ambala City,Ambala,Haryana-134003 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: MA1084-AP tech-c: MA1084-AP auth: # Filtered mnt-by: MAINT-IN-FALCONET last-modified: 2020-10-26T07:34:18Z source: APNIC role: manager admin address: plot no.1241,sector 9,Ambala City,Ambala,Haryana-134003 country: IN phone: +91 1712531582 e-mail: [email protected] admin-c: AK973-AP tech-c: AK973-AP nic-hdl: MA1084-AP mnt-by: MAINT-IN-FALCONET last-modified: 2020-10-26T07:36:19Z source: APNIC person: ARUN KUMAR address: plot no.1241,sector 9,Ambala City,Ambala,Haryana-134003 country: IN phone: +91 1712531582 e-mail: [email protected] nic-hdl: AK973-AP mnt-by: MAINT-IN-FALCONET last-modified: 2017-03-03T06:34:56Z source: APNIC route: 103.87.25.0/24 descr: Falconet Internet Pvt. Ltd. mnt-by: MAINT-IN-FALCONET origin: AS136287 last-modified: 2020-07-05T02:18:46Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 months ago
Appeared in 6 threat reports