116.102.39.187

Summary (Bottom Line Up Front)

Malicious activity detected from 116.102.39.187 (VN, ASNone). 65038 events observed across Diameter, MySQL, SMB, TCP, TCP/SYN. AI verdict: MEDIUM.

Diameter MySQL SMB TCP TCP/SYN
SMB_EXPLOIT_PROBE PROTO_ABUSE
Activity Timeline
INITIAL REPORT2026-05-30T06:44:07Z
Source: Analyst Manual Entry
Malicious activity detected from 116.102.39.187 (VN, ASNone). 65038 events observed across Diameter, MySQL, SMB, TCP, TCP/SYN. AI verdict: MEDIUM.
Technical details
Protocols: Diameter, MySQL, SMB, TCP, TCP/SYN
Attack types: PROTO_ABUSE, SMB_EXPLOIT_PROBE
Unique destination ports: 1
Active window: 2026-05-23 06:34:05.062782 to 2026-05-28 15:43:40.226855
Top patterns: smb1_detected, suricata_sid_2210036, suricata_sid_2210045, suricata_sid_2210035
IOCs
IP:116.102.39.187
COUNTRY:VN
Recommendations
  • Block 116.102.39.187 at perimeter firewall
  • Review correlated attacker profiles for campaign links
Threat Assessment
Threat Level HIGH
AI Verdict MEDIUM
Confidence 75%
Total Events 65,038
AbuseIPDB 100/100
Indicators of Compromise
ip 116.102.39.187
country VN
Captured Payloads (1)
MEDIUM PROTO_ABUSE TCP:445 
SURICATA STREAM FIN2 FIN with wrong seq