Dashboard›🇻🇳 Vietnam›103.61.123.221

THREAT REPORT

IP Threat Report
103.61.123.221

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-30 06:11:15

First seen: 2026-02-20 12:20:05

Last seen: 2026-02-24 04:00:05

Geolocation & Classification

IP Address

103.61.123.221

Type

Residential

Country

🇻🇳 Vietnam

City

Thanh Liệt

ISP

H2 VIET NAM TECHNOLOGY SOLUTIONS COMPANY LIMITED

Organization

H2 Viet NAM Technology Solutions Company Limited

Autonomous System

AS135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

Hit Count

Detection Signatures

Signature	Description	Points
UA bot: Go-http-client	Known bot/crawler User-Agent detected	+40
Danger strong hits: 10	High-risk paths: shells, RCE vectors, exploits	+100
404 ratio 40-60%	Majority of requests returned 404 — enumeration	+15
Burst: 6 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 10 req / 10s	Abnormally fast request rate — automated scanning	+35
Foreign referer seen	Referer from unrelated external domain	+10
Danger strong hits: 6	High-risk paths: shells, RCE vectors, exploits	+100
404 ratio >= 60%	Majority of requests returned 404 — enumeration	+25
Probe pattern 302->404 same path	Behavioral anomaly detected by automated analysis	+20
Danger strong hits: 14	High-risk paths: shells, RCE vectors, exploits	+100
Burst: 14 req / 10s	Abnormally fast request rate — automated scanning	+35

Σ = 515

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

[redacted]

GET

/page

200

Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-02-20 12:20:05

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

UA bot: Go-http-client (+40), Danger strong hits: 10 (+100), 404 ratio 40-60% (+15)

2026-02-24 04:00:05

Last malicious request observed

Total score reached: 235/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

H2 VIET NAM TECHNOLOGY SOLUTIONS COMPANY LIMITED

AS135905 · 🇻🇳 Vietnam

Recommendations

Actions taken & recommended

IP 103.61.123.221 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🤖 User-Agent Anomaly Defense

IP 103.61.123.221 shows suspicious UA behavior. Block empty User-Agent requests. Implement JavaScript-based bot detection for sensitive endpoints.

🔎 Path Enumeration Protection

Block scanning from 103.61.123.221: rate-limit 404 responses per IP, deploy a honeypot 404 page, ensure no backup files are web-accessible.

🌊 Flood / DDoS Mitigation

Implement limit_req_zone in nginx. Deploy CDN with DDoS protection. Configure SYN cookies and connection tracking to throttle 103.61.123.221.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (19)

Port	Service	Risk	Description
21	FTP	Medium	File Transfer Protocol — often targeted for anonymous login attacks
22	SSH	Low	Secure Shell — common brute force target for remote access
53	DNS	Low	DNS server — potential for DNS amplification attacks
80	HTTP	Low	HTTP web server — standard web traffic
111	Unknown	Low	Service on port 111
143	IMAP	Low	Service on port 143
443	HTTPS	Low	HTTPS web server — encrypted web traffic
587	Unknown	Low	Service on port 587
993	IMAPS	Low	Service on port 993
995	POP3S	Low	Service on port 995
1080	Unknown	Low	Service on port 1080
2031	Unknown	Low	Service on port 2031
2082	Unknown	Low	Service on port 2082
2083	Unknown	Low	Service on port 2083
2086	Unknown	Low	Service on port 2086
2087	Unknown	Low	Service on port 2087
3306	MySQL	High	MySQL database — should never be exposed to the internet
4190	Unknown	Low	Service on port 4190
8080	HTTP-Alt	Low	HTTP alternative port — often used for admin panels or proxies

⚠️ 2 high-risk ports detected on 103.61.123.221. These services should not be publicly accessible without strict firewall rules.

KNOWN VULNERABILITIES (CVE) (125)

CVE ID	Link
CVE-2019-6109	NVD →
CVE-2019-6110	NVD →
CVE-2020-7070	NVD →
CVE-2024-42516	NVD →
CVE-2021-41617	NVD →
CVE-2025-32728	NVD →
CVE-2018-15473	NVD →
CVE-2019-11048	NVD →
CVE-2019-1559	NVD →
CVE-2024-3566	NVD →
CVE-2025-49812	NVD →
CVE-2025-53020	NVD →
CVE-2020-7066	NVD →
CVE-2024-0727	NVD →
CVE-2017-3738	NVD →
CVE-2023-51385	NVD →
CVE-2023-2650	NVD →
CVE-2018-0732	NVD →
CVE-2025-58098	NVD →
CVE-2023-0464	NVD →
CVE-2012-4360	NVD →
CVE-2011-1176	NVD →
CVE-2017-3737	NVD →
CVE-2023-38408	NVD →
CVE-2019-1563	NVD →

+100 more

🔴 This host has 125 known CVEs associated with its exposed services. This volume strongly suggests severely outdated software. Review each CVE in the NVD database.

DETECTED TECHNOLOGIES

openssl:openssl:1.0.2kphp:php:7.4.33apache:http_server:2.4.62php:php:7.4.1canonical:ubuntu_linuxf5:nginx:1.29.5control-webpanel:webpanellinux:linux_kernelphp:php:7.2.30mariadb:mariadb:10.4.34-MariaDBpureftpd:pure-ftpdf5:nginx:1.18.0openbsd:openssh:7.4postfix:postfix

Hostnames: app.gotech.vn

PTR: app.gotech.vn

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

103.61.123.221 has been assigned a threat score of 235/100 (Critical). A score this high marks a critical threat actor. This address has demonstrated persistent, aggressive malicious behavior across multiple detection vectors.

The following attack categories were identified:

User-Agent AnomalyPath EnumerationRequest Flooding

📊 Threat Analysis

103.61.123.221 is registered in Thanh Liệt, Vietnam, operating on the network of H2 VIET NAM TECHNOLOGY SOLUTIONS COMPANY LIMITED. This IP first appeared in our threat feeds after triggering multiple behavioral detection signatures. The address has been active for 3 days in our monitoring system, producing 9 flagged requests at a rate of ~3/day. This is a residential IP address, suggesting a compromised home device such as a router, smart appliance, or infected workstation participating in a botnet. With 3 different attack patterns detected, this IP exhibits behavior characteristic of advanced automated scanning frameworks. Our records show 107 malicious IPs originating from Vietnam, positioning it as a significant contributor to global threat activity. At 235/100, this is an extremely high-risk address. All traffic should be considered hostile.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇻🇳 Top threats from Vietnam

103.216.118.66 (273)210.2.86.189 (235)116.118.47.174 (235)14.225.32.188 (235)157.66.24.235 (230)View all →

🏢 Same network: AS135905

103.216.118.66 (273)14.225.32.188 (235)103.154.63.62 (195)103.226.251.140 (180)103.82.21.232 (173)View all →

Security Intelligence

💡 User-Agent Analysis Techniques

Analyzing User-Agent strings reveals automated tools masquerading as legitimate browsers. Inconsistencies between claimed browser capabilities and actual behavior, impossible version combinations, and known scanner signatures help identify malicious clients.

💡 TLS Fingerprinting (JA3/JA4)

TLS fingerprinting creates unique identifiers based on how clients negotiate encrypted connections. The JA3 and JA4 methods generate hashes from TLS ClientHello parameters, enabling identification of specific tools and malware regardless of IP address changes.

🔍 Check Any IP Address

Share this report:

IP Threat Report103.61.123.221

⛔ Verdict: BLOCK