IOC Radar
IPMediumSignal 91/100

202.62.47.252

Location
CambodiaCambodia
Phnom Penh, 12
ASN
AS23673
COGETEL
First Seen
Jan 20, 2021
Last Seen
May 30, 2026
Jan 20
First Seen
1967d ago
May 30
Last Seen
11d ago
9
Reports
source reports
91%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryKHCambodia
RegionPhnom Penh, 12
ASNAS23673
OrganizationCOGETEL

Feed Intelligence Summary

9 reports91% confidence
9
Source reports
91%
Confidence score
Category tags
active scanactive scanningadbhoney attacksadbhoney honeypotattackauthentication attemptautomated_threatsbotnetbotnet activitybotnet_activitybrute forcebrute force attackbrute force attacksbrute-forcebrute_forcebrute_force_attackscambodiacisco brute forcecisco devicecisco exploit attemptcisco exploitationcisco exploitation attemptscisco ioscommand and controlcommand executioncommunication protocolcompromised credentialsconpot honeypotcowrie activitycowrie honeypotcowrie interactionscowrie ssh attackscredential accesscredential brute forcecredential harvestingcredential stuffingcredential_stuffingdata encryptiondata exfiltrationdata exfiltration attemptsdata store exposuredatabase attacksdatabase exploitation attemptdatabase securitydatabase service attacksdecoy systemdevice managementdionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondistributed attackselasticpot honeypotelasticsearch monitoringencryptionenterprise networkingexploitation activityexploitation attemptexploitation attemptsftpftp brute forceftp brute-forceftp_bruteforceheralding activityheralding attack patternheralding projecthoneytrap honeypothttp brute forcehttp scannerhttp_scanhttps_scanicsics securityics/scada attacksidentity & access exploitationimapindicatorindustrial control systemsinitial accessinjection activityiociot attacksiot device attacksiot device targetingiot securityiot/ics attackipphoney honeypotlamplamp vulnerability scanlateral movementmailoney email attacksmailoney honeypotmalicious activitymalicious payload attemptmalicious softwaremalicious_ip_addressesmalwaremalware behaviourmalware capturemalware deployment attemptsmobile threatnetworknetwork device attacksnetwork enumerationnetwork infrastructurenetwork intrusion attemptnetwork intrusion attemptsnetwork probenetwork protocolnetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphishing attackphishing trappossible botnet activityprocess injectionprotocol exploitationpython script activityransomwarereconnaissanceredis honeypotremote accessremote servicesresearchedresource hijackingscannerscanning activityscripting attackssentrypeer botnetserver exploitationservice scansftp access attemptsftp attacksftp attackssftp exploit attemptsip brute forcesip scanningsmtpsocial engineeringspamsql injection attemptssh attackssh attacksssh brute-forcessh monitoringssh_bruteforcet1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1055t1059t1059.004t1059.005t1059.007t1071.001t1076t1077t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1195.001t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1565t1566.001t1566.002t1566.003t1566.004t1583t1583.001t1589.002t1595t1595.001t1595.002t1595.003tannertanner web attackstargeting databasetelecommunicationstelnet threattelnet_bruteforcethreat actorthreat detectionthreat intelligencetor nodetpottpotceunauthorized access attemptunauthorized login attemptsunited statesvoipvoip attackvoip attacksvulnerability scanweb application attacksweb attackweb exploitationweb service attacksweb traffic

Activity Timeline

1 total obs
May 30May 30

Threat Activity Heatmap

· Peak: 2026-05-30
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
91
SIGNAL
Signal Score
91%
Confidence
9
Reports
First seenJan 20, 2021
Last seenMay 30, 2026
GeolocationKH
CountryCambodia
LocationPhnom Penh, 12
ASNAS23673
OrgCOGETEL
Coords11.5583, 104.9121

VirusTotal

Not checked

WHOIS

description
2025-06-09T23:32:24.050Z Honeypot : Heralding : Source: 202.62.47.252 : Username/Password: pROXyusEr/123456 Port: 1080 Message: 2025-06-09 23:32:24.050090,3a9889a0-0551-4e32-bc29-1758926fd4da,fb609bba-d534-45a2-9f5f-d3588209ac51,202.62.47.252,55601,99.18.26.19,1080,socks5,pROXyusEr,123456,
raw
inetnum: 202.62.32.0 - 202.62.63.255 netname: COGETEL-KH descr: COGETEL Co., Ltd descr: 60 Monivong Boulevard country: KH org: ORG-CCL7-AP admin-c: BB195-AP tech-c: BB195-AP abuse-c: AC1855-AP status: ALLOCATED PORTABLE notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-KH-OLN mnt-routes: MAINT-KH-OLN mnt-irt: IRT-COGETEL-KH last-modified: 2020-06-26T01:53:29Z source: APNIC irt: IRT-COGETEL-KH address: No. 44, Samdech Decho Hun Sen Blvd, Tuol Roka 3 Village, Chakangre Krom Commune, Mean Chey District, Phnom Penh e-mail: [email protected] abuse-mailbox: [email protected] admin-c: BB195-AP tech-c: BB195-AP auth: # Filtered remarks: [email protected] was validated on 2025-06-04 mnt-by: MAINT-KH-BPC last-modified: 2025-06-04T01:33:06Z source: APNIC organisation: ORG-CCL7-AP org-name: COGETEL LTD. org-type: LIR country: KH address: No. 44, Samdech Decho Hun Sen Blvd, Chakangre Krom Commune phone: +855-23-727272 fax-no: +855-23-729999 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2024-01-30T12:56:41Z source: APNIC role: ABUSE COGETELKH country: ZZ address: No. 44, Samdech Decho Hun Sen Blvd, Tuol Roka 3 Village, Chakangre Krom Commune, Mean Chey District, Phnom Penh phone: +000000000 e-mail: [email protected] admin-c: BB195-AP tech-c: BB195-AP nic-hdl: AC1855-AP remarks: Generated from irt object IRT-COGETEL-KH remarks: [email protected] was validated on 2025-06-04 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-06-04T01:33:37Z source: APNIC person: Borak Ban nic-hdl: BB195-AP e-mail: [email protected] e-mail: [email protected] address: No. 44, Samdech Decho Hun Sen Blvd, Tuol Roka 3 Village, Chakangre Krom Commune, Mean Chey District, Phnom Penh phone: +85523727272 fax-no: +85523727777 country: KH mnt-by: MAINT-KH-BPC last-modified: 2024-04-29T04:18:48Z source: APNIC route: 202.62.47.0/24 origin: AS23673 descr: COGETEL Co., Ltd 60 Monivong Boulevard mnt-by: MAINT-KH-OLN last-modified: 2020-04-25T16:56:23Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 11 days ago
Appeared in 9 threat reports