103.189.208.161 — TEDEV TECHNOLOGICAL DEVELOPMENT COMPANY LIMITED, VN — Very High (98%)

Check an IP Address, Domain Name, Subnet, or ASN

103.189.208.161 was found in our database!

Confidence Level

98%

Very High?

Geolocation

🇻🇳

Vietnam

ISPTEDEV TECHNOLOGICAL DEVELOPMENT COMPANY LIMITED

ASNAS149111

Activity Timeline

First seenFeb 4, 2026, 04:09 PM

Last seen23d ago

17Sessions

527Events

Protocol Breakdown

HTTPS

6 / 287

HTTP

4 / 191

DOCKER

5 / 30

TELNET

2 / 19

103.189.208.161 has a very high threat confidence level of 98%, originating from Vietnam, on the TEDEV TECHNOLOGICAL DEVELOPMENT COMPANY LIMITED network (149111). It has been observed across 17 sessions targeting HTTPS, HTTP, DOCKER, TELNET, with detected attack patterns including docker remote exec via api, http mass web rce exploitation scanning, First observed on February 4, 2026, most recently active February 10, 2026.

Behaviors

Classified behavioral patterns observed

Docker Remote Exec Via Api

high5x

Unauthenticated or externally triggered interaction with the Docker Engine HTTP API resulting in container enumeration (GET /containers/json) followed by multiple POST /containers/{id}/exec and /exec/{id}/start calls. This pattern strongly indicates remote command execution inside running containers through the Docker daemon. In honeypot telemetry this is typically associated with attackers abusing exposed Docker sockets (2375/2376) to gain execution, deploy payloads, or stage further compromise.

Http Mass Web Rce Exploitation Scanning

high3x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

Primitives

Individual actions observed

Http Method Get172 Http Php Echo Md5 Hello Phpunit Marker148 Docker Post Method15 Https Query Thinkphp Invokefunction Md5 Probe12 Https Body Wget Curl Pipe To Sh Apache Selfrep12 Https Php Ini Directive Injection Allow Url Include Auto Prepend File12 Docker Container Exec Path10 Http Body Wget Curl Pipe To Sh Selfrep8 Http Thinkphp Invokefunction Call User Func Array Md58 Http Php Shell Exec Base64 Decode Cve 2024 4577 Attempt8 Http Php Cgi Allow Url Include Auto Prepend Input Injection8 Https Path Root6 Https Phpunit Eval Stdin Rce Probe6 Https Cgi Bin Percent Encoded Directory Traversal Bin Sh6 Docker Get Method5 Docker Exec Start Endpoint5 Docker List Containers Endpoint5 Http Cgi Bin Direct Bin Sh Access4 Telnet Echo Hex Escape Sequence Output4 Http Phpunit Eval Stdin Php Path Access4

Related Threats

Explore related threat intelligence

🇻🇳More threats fromVietnam ASMore threats fromTEDEV TECHNOLOGICAL DEVELOPMENT COMPANY LIMITED HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP DOCKERMore threats targetingDOCKER TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
171.249.163.174	35%	112
14.225.2.67	90%	292
118.68.165.68	35%	3
27.72.30.88	44%	6
123.16.53.239	13%	5