IOC Radar
IPMediumSignal 31/100

49.156.32.155

Location
CambodiaCambodia
Phnom Penh, 12
ASN
AS24492
WiCAM Corporation Ltd.
First Seen
Mar 8, 2024
Last Seen
Apr 6, 2026
Mar 8
First Seen
828d ago
Apr 6
Last Seen
69d ago
12
Reports
source reports
31%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryKHCambodia
RegionPhnom Penh, 12
ASNAS24492
OrganizationWiCAM Corporation Ltd.

Feed Intelligence Summary

12 reports31% confidence
12
Source reports
31%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute_forcecambodiacommand and controlcommunication protocolcompromised credentialscowrie honeypotcredential accesscredential harvestingcredential stuffingcve scandata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdionaea honeypotdionaea malware analysisdistributed attackselasticpot honeypotelasticsearch monitoringexploit kit activityexploitation activityftpftp brute forceftp_bruteforceheralding attack patternhttp brute forcehttp scannerhttp_scanhttps_scanidentity & access exploitationindicatorinjection activityiot securitykhlateral movementmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionnetworknetwork attack attemptsnetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphishing attackphishing trappossible botnet activityprocess injectionprotocol exploitationpython script activityreconnaissanceremote accessremote servicesresearchedresource hijackingscannerscripting attackssentrypeer botnetservice scansftp attacksocial engineeringsql injection attemptssh attackssh monitoringssh_bruteforcet1021t1021.001t1040t1041t1046t1055t1059t1059.007t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threattelnet_bruteforcethreat actorthreat intelligencetor nodeunauthorized accessunauthorized access attemptunited statesvoipvoip attackvulnerability scanweb application attackweb attackweb exploitationweb shell attemptweb traffic

Activity Timeline

1 total obs
Apr 6Apr 6

Threat Activity Heatmap

· Peak: 2026-04-06
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
31
SIGNAL
Signal Score
31%
Confidence
12
Reports
First seenMar 8, 2024
Last seenApr 6, 2026
GeolocationKH
CountryCambodia
LocationPhnom Penh, 12
ASNAS24492
OrgWiCAM Corporation Ltd.
Coords11.5583, 104.9121

VirusTotal

Not checked

WHOIS

description
2025-07-05T08:52:55.608Z Honeypot : Heralding : Source: 49.156.32.155 : Username/Password: aDmIn/mynoob Port: 1080 Message: 2025-07-05 08:52:55.608303,abef2b87-de12-473e-9a70-7e6dd27eaa88,a06331fc-b501-49ab-b868-6b2f659ed5e8,49.156.32.155,52213,99.18.26.21,1080,socks5,aDmIn,mynoob,
raw
inetnum: 49.156.32.0 - 49.156.32.255 netname: WiCAM descr: WiCAM Corporation Ltd. country: KH admin-c: WN346-AP tech-c: WN346-AP abuse-c: AW856-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-KH-WICAM mnt-lower: MAINT-KH-WICAM mnt-routes: MAINT-KH-WICAM mnt-irt: IRT-WICAM-KH last-modified: 2022-10-12T09:05:07Z source: APNIC irt: IRT-WICAM-KH address: address: Sangkat Toul Tompong II, Khan Chamkar Morn address: Phenom Penh address: CAMBODIA e-mail: [email protected] abuse-mailbox: [email protected] admin-c: WN346-AP tech-c: WN346-AP auth: # Filtered remarks: [email protected] was validated on 2025-08-11 mnt-by: MAINT-KH-WICAM last-modified: 2025-09-04T05:25:10Z source: APNIC role: ABUSE WICAMKH country: ZZ address: # 47, St. 271?St.480 address: Sangkat Toul Tompong II, Khan Chamkar Morn address: Phenom Penh address: CAMBODIA phone: +000000000 e-mail: [email protected] admin-c: WN346-AP tech-c: WN346-AP nic-hdl: AW856-AP remarks: Generated from irt object IRT-WICAM-KH remarks: [email protected] was validated on 2025-08-11 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-08-11T09:26:13Z source: APNIC person: WICAM NOC address: #47, St. 271 corner St. 480, Sangkat Toul tompung 2, Khan Chamkar morn, Phnom Penh, Cambodia country: KH phone: +855 8188 8950 e-mail: [email protected] nic-hdl: WN346-AP mnt-by: MAINT-KH-WICAM last-modified: 2022-10-12T09:01:13Z source: APNIC route: 49.156.32.0/24 origin: AS24492 descr: WiCAM Corporation Ltd. # 168, Street 1946, Village Bayap ,Sangkat Phnom Penh Thmey Khan Sen Sok, Phnom Penh, Cambodia mnt-by: MAINT-KH-WICAM last-modified: 2025-07-11T10:14:38Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 12 threat reports