IOC Radar
IP · Medium · Signal 60/100

223.123.43.69

Location: Pakistan (Chak Three Ten Left, Punjab)
ASN: AS138423 (CMPak Limited)
First Seen: Mar 15, 2025 (456d ago)
Last Seen: Jun 2, 2026 (12d ago)
Reports: 17 source reports
Confidence: 60% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 48 techniques

Network Information

Country: PK (Pakistan)
Region: Chak Three Ten Left, Punjab
ASN: AS138423
Organization: CMPak Limited

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 17
Confidence score: 60%
Category tags:
abuse, access control, account compromise, active reconnaissance, active scan, active scanning, adbhoney honeypot, apt, asia, attack, australia, authentication attempt, authentication attempts, automated attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, botnet communication, brute force, brute force attack, brute force attacker, brute-force, c2 activity, china, cisco asa targeted, cisco device, cisco device attack, cisco exploitation attempt, cisco exploitation attempts, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, communication protocol, conpot honeypot, cowrie, cowrie attacks, cowrie data, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential-harvesting, credential_guessing, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, digital ocean, dionaea, dionaea attacks, dionaea honeypot, distributed attacks, enterprise networking, env-hunting, exploit, exploitation activity, exploitation attempts, exploited host, exposed_service, external threat, fatt, file, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, ics security, identity & access exploitation, indicator, industrial control systems, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, ipv4 activity, ipv4 scanning, japan, lamp, lamp attack, lamp exploitation attempts, lamp stack targeting, lateral movement, login attack, login attempt, mailoney honeypot, malicious activity, malicious activity detected, malicious file transfer, malicious ip, malicious software, malware, malware behaviour, malware capture, malware distribution attempt, mirai, mirai botnet, network, network attacks, network discovery, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network scanning, network security, network traffic analysis, nginx, oceania, opencti, p0f, password attacks, phishing, phishing attack, phishing trap, ping of death, pk, portscan, possible credential stuffing, possible malware distribution, potential lateral movement, process injection, protocol exploitation, proxy, ransomware, rdp scanning, reconnaissance, remote access, remote access attempt, remote login, remote service attack, remote service exploitation, remote services, researched, resource hijacking, scan, scanner, scanners, scanning activity, scripting attacks, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, service enumeration, service scan, sftp access attempt, sftp attack, sftp probing, sip brute force, sip scanning, smtp, smtp brute force, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, syn, system discovery, t1018, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1053, t1055, t1056, t1059, t1059.003, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.003, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, telecommunications, telnet, telnet scanning, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, unauthorized access, unauthorized access attempt, unauthorized access attempts, voip, voip attack, vulnerability scan, vultr, vultr cloud infrastructure, web app attack, web application attack, web application scanning, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs
Jun 2 to Jun 2

Threat Activity Heatmap

Peak: 2026-06-02
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 60 (Medium Risk)
Coords: 30.5822, 72.8811

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

IOC Journey

medium
First detected 1 year ago · Last seen 12 days ago
Appeared in 17 threat reports