IOC Radar
IP · Medium · Signal 94/100

116.212.152.3

Location: Cambodia (Phnom Penh, Preah Sihanouk)
ASN: AS38235 (Mekongnet)
First Seen: Jan 15, 2025 (514d ago)
Last Seen: Jun 8, 2026 (4d ago)
Reports: 8 source reports
Confidence: 94% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 94%
Signal Score: 94 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: KH (Cambodia)
Region: Phnom Penh, Preah Sihanouk
ASN: AS38235
Organization: Mekongnet

Feed Intelligence Summary

Source reports: 8
Confidence score: 94%
Category tags
active scan, active scanning, adbhoney honeypot, antispam, attack, attack source, australia, authentication, authentication attempts, authentication_bypass, automated attacks, automated_threats, bad web bot, botnet, botnet activity, botnet_activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute_force_attacks, cambodia, cisco brute force, cisco device, cisco exploit attempt, cisco exploitation, cisco exploitation attempts, cisco ios, command execution, communication protocol, compromised credentials, compromised host, conpot honeypot, cowrie, cowrie honeypot, credential access, credential guessing, credential harvesting, credential stuffing, credential_stuffing, data encryption, data exfiltration, database attacks, database exploitation attempt, database security, decoy system, denial of service, device management, dionaea, dionaea honeypot, dionaea malware analysis, elasticpot honeypot, elasticsearch monitoring, enterprise networking, fatt, ftp, ftp brute force, ftp brute-force, heralding attack pattern, honeytrap honeypot, http brute force, http scanner, http scanning, ics, ics security, imap, indicator, industrial control systems, initial access, injection attacks, ioc, iot attacks, iot device targeting, iot/ics attack, ip-addresses, ipphoney honeypot, ipv4, ipv4 address, ipv4_address, kh, lamp, lamp stack targeting, lamp vulnerability scan, lateral movement, log4j, mailoney honeypot, malicious activity, malicious payload attempt, malicious payload detection, malicious software, malicious_ip_addresses, malware, malware behaviour, malware capture, mssql scanning, network, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network scanning, network security, network_service_exploitation, north america, oceania, p0f, password attacks, phishing, phishing attack, phishing trap, process injection, protocol exploitation, python script activity, reconnaissance, redis honeypot, remote access, remote service, remote services, remote-access, remote_access, researched, resource hijacking, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, server exploitation, sftp attack, sftp exploit attempt, sip attacks, sip brute force, sip scanning, smb scanning, smtp, social engineering, spam, sql injection attempt, ssh, ssh attack, ssh brute-force, ssh monitoring, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.005, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1505.004, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1588.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, tpot, tpotce, unauthorized login attempts, united states, voip, voip attack, web application attack, web application attacks, web attack, web exploitation, web traffic

Activity Timeline

1 total obs (Jun 8)

Threat Activity Heatmap

[Figure: activity heatmap by weekday and month, Jun through Jun, shaded from less to more]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 94
Confidence: 94%
Reports: 8
First seen: Jan 15, 2025
Last seen: Jun 8, 2026
Geolocation: KH
Country: Cambodia
Location: Phnom Penh, Preah Sihanouk
ASN: AS38235
Org: Mekongnet
Coords: 10.6093, 103.5300

VirusTotal

Not checked

WHOIS

description
Observed authentication attempts via unknown against Cowrie/Heralding honeypots in Australia. Total events observed: 1. Sensors involved: Heralding. Target ports: 1080. Source country: KH. ASN(s): 38235. Organisation(s): ANGKOR DATA COMMUNICATION. Usernames observed (masked): G***T. Passwords observed (masked): d****n.

IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 8 threat reports