160.30.159.104 Threat Intelligence and Host Information

Feb 27, 2026 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 160.30.159.104 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1056.001 - Keylogging, T1059.001 - PowerShell, T1071.001 - Web Protocols, T1105 - Ingress Tool Transfer, T1219 - Remote Access Software

  • Tags: 2026-02, 32-bit, a3dacb, adb, Adbhoney, android, apk, apt, archive, arm, ascii, asyncrat, AsyncRAT, attack, auto-generated, automated, Automated, backdoor, banker, blacklist, BlackMatter, botnet, botnetdomain, BRAT, bruteforce, Business Email Compromise, c2-infrastructure, c2-monitor-auto, censys, cisco, clearfake, ClearFake, ClickFix, cobalt, Cobalt strike, CobaltStrike, coinminer, CoinMiner, compressed, connectwise, cowrie, Cybercrime, DattoRMM, digital ocean, dionaea, dotnet_pe, dropped-by-amadey, dropper, DugganUSA, elf, email, Encoded, exe, FantasyHub, fatt, fbf543, file name, Formbook, Fuery, gafgyt, geofenced, gitlab, GoToResolve, hajime, heralding, honeytrap, hta, js, LAMP, login, m68k, macOS, MacSync, mailoney, malicious, Malicious IP, malware, MaskGramStealer, MassLogger, Metasploit, Microsoft, Microsoft Teams, MillenuimRAT, mips, mirai, mozi, Mozi, msi, njRAT, OpenCTI, opendir, osint-volley, p0f, Password: bluys, Password: lunex, Password: ryos, peexe, phishing, portscan, powerpc, PowerPC, powershell, ps1, pw-bluys, pw-ryos, quasarrat, rat, remcosrat, remote access, SantaStealer, scan, scanner, scanners, script, sensor-tagged, sentrypeer, sftp, sh, sha values, SilverFox, sip, Sliver, smoke loader, sparc, ssh, SSH, sshdkit, submit date, superh, SuperH, suricata, SystemBC, tanner, tcp, telnet, Telnet, threatfox, tpot, trojan, TrustConnect, ua-wget, unknown-malware, unknown-stealer, USA, usa x86, Vidar, vultr, windows, WsgiDAV, x86, xml-opendir, xworm, zip

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: portscan telnet
  • Countries Attacked: France
  • Passive DNS Results: www.mu-minhvuong.com mu-minhvuong.com

Malware Detected on Host

Count: 9 25164acf2c66b91aaae08639711e705759b25eef6f57f3c3b20def81c002bd2a cc21553798e441821028277456c940fc6faa78d5b04c37cc3930b516a5f7c45a b893e099567b057b939b229817c0e0330e41a576963c460e692dc5d277120d6f 5efbf3b454487e8fcaa633d0266f19e5a21cb03d017de8e41fe09a53e4b0018d 23f2d852d6e6061c4e4a697a8965ac4008db41c8ac7d4bfefac5c03d00bbf078 f7ff91c6aac93ab4abdf2ed716b07b8fb5ce85c4c32ac6830d64c35165a75b14 33a3041d5f71b196b0de6ddb450b0be216a93f0b297765160fe345c3c5b03d0f b04d3ad2ceca9682a5bb2cdd0630739bcf4f944e3eed6ae06e3dc53d585f0a12 d216a98d6e6dadf1ab1177f03795689c98b73807aa92d5330507599cc43cbd32

Open Ports Detected

22 80

CVEs Detected

CVE-2006-20001 CVE-2007-4723 CVE-2009-0796 CVE-2009-2299 CVE-2011-1176 CVE-2011-2688 CVE-2012-3526 CVE-2012-4001 CVE-2012-4360 CVE-2013-0941 CVE-2013-0942 CVE-2013-2765 CVE-2013-4365 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522 CVE-2023-31122 CVE-2023-38709 CVE-2023-45802 CVE-2024-24795 CVE-2024-27316 CVE-2024-38472 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 CVE-2024-40898 CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-55753 CVE-2025-58098 CVE-2025-59775 CVE-2025-65082 CVE-2025-66200

Whois Information

  • NetRange: 160.21.0.0 - 160.30.255.255
  • CIDR: 160.21.0.0/16, 160.30.0.0/16, 160.28.0.0/15, 160.22.0.0/15, 160.24.0.0/14
  • NetName: APNIC
  • NetHandle: NET-160-21-0-0-1
  • Parent: NET160 (NET-160-0-0-0-0)
  • NetType: Early Registrations, Transferred to APNIC
  • OriginAS:
  • Organization: Asia Pacific Network Information Centre (APNIC)
  • RegDate: 2017-09-05
  • Updated: 2017-09-05
  • Ref: https://rdap.arin.net/registry/ip/160.21.0.0
  • OrgName: Asia Pacific Network Information Centre
  • OrgId: APNIC
  • Address: PO Box 3646
  • City: South Brisbane
  • StateProv: QLD
  • PostalCode: 4101
  • Country: AU
  • RegDate:
  • Updated: 2012-01-24
  • Ref: https://rdap.arin.net/registry/entity/APNIC
  • OrgTechHandle: AWC12-ARIN
  • OrgTechName: APNIC Whois Contact
  • OrgTechPhone: +61 7 3858 3188
  • OrgTechEmail: search-apnic-not-arin@apnic.net
  • OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • OrgAbuseHandle: AWC12-ARIN
  • OrgAbuseName: APNIC Whois Contact
  • OrgAbusePhone: +61 7 3858 3188
  • OrgAbuseEmail: search-apnic-not-arin@apnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • inetnum: 160.30.158.0 - 160.30.159.255
  • netname: PHBTECH-VN
  • descr: PHB Digital Technology Solutions Company Limited
  • descr: 606/32/16 National Highway 13, Quarter 4, Hiep Binh Phuoc Ward, Thu Duc City, Ho Chi Minh City
  • admin-c: PHB3-AP
  • tech-c: PHB3-AP
  • country: VN
  • mnt-by: MAINT-VN-VNNIC
  • mnt-irt: IRT-VNNIC-AP
  • mnt-routes: MAINT-VN-VNNIC
  • status: ASSIGNED PORTABLE
  • last-modified: 2025-06-12T10:14:57Z
  • irt: IRT-VNNIC-AP
  • address: Ha Noi, VietNam
  • phone: +84-24-35564944
  • fax-no: +84-24-37821462
  • e-mail: hm-changed@vnnic.vn
  • abuse-mailbox: hm-changed@vnnic.vn
  • admin-c: NTTT1-AP
  • tech-c: NTTT1-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2025-11-17T23:08:34Z
  • person: Phan Huu Bao
  • address: PHBTECH-VN
  • country: VN
  • phone: +84-904798783
  • e-mail: admin@phpdt.io.vn
  • nic-hdl: PHB3-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2025-06-12T10:09:49Z
  • route: 160.30.159.0/24
  • descr: PHBTECH-VN
  • origin: AS152978
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2025-07-17T09:52:23Z

Links to attack logs

vultrmelbournetest-telnet-bruteforce-ip-list-2026-02-20 vultrparis-telnet-bruteforce-ip-list-2026-02-20 vultrmelbournetest-telnet-bruteforce-ip-list-2026-02-21 digitaloceanlondon-telnet-bruteforce-ip-list-2026-02-20 vultrtokyo-telnet-bruteforce-ip-list-2026-02-20 digitaloceansingapore-telnet-bruteforce-ip-list-2026-02-21 digitaloceanlondon-telnet-bruteforce-ip-list-2026-02-23 vultrmelbournetest-telnet-bruteforce-ip-list-2026-02-23 digitaloceansingapore-telnet-bruteforce-ip-list-2026-02-20 vultrtokyo-telnet-bruteforce-ip-list-2026-02-21 digitaloceantoronto-telnet-bruteforce-ip-list-2026-02-23 vultrparis-telnet-bruteforce-ip-list-2026-02-21 digitaloceantoronto-telnet-bruteforce-ip-list-2026-02-21 digitaloceansingapore-telnet-bruteforce-ip-list-2026-02-23 vultrtokyo-telnet-bruteforce-ip-list-2026-02-23 vultrparis-telnet-bruteforce-ip-list-2026-02-23 digitaloceantoronto-telnet-bruteforce-ip-list-2026-02-20

Share on: