Critical Alert
IP 103.6.244.236 is a maximum-threat Malaysian address associated with VNC brute-force attacks and broader hacking activity, with 199 abuse reports filed across automated honeypot sensors over a five-month window between November 2025 and March 2026.
Detection data shows this address generated reports from 20 separate honeypot sensors, with the dominant threat vector identified as VNC brute-force attempts alongside general unauthorized access attempts. The network traces to iCore Technology Sdn Bhd operating AS132198 in Malaysia. Despite a 10/10 threat classification, the 59% confidence score indicates some uncertainty in attribution, and an activity frequency of 0/10 suggests the most aggressive phase of operations may have concluded, though the report volume remains significant and warrants continued vigilance.
The primary threat from this IP centers on automated VNC brute-force campaigns that systematically cycle through authentication credentials to compromise remote desktop services lacking adequate protection. These unsophisticated but relentless attacks exploit weak or default credentials, pose particular risk to exposed VNC servers without rate limiting or account lockout policies, and can serve as an initial foothold for data theft or lateral movement within compromised networks.
Site operators with exposed VNC, SSH, RDP or similar authentication portals should implement immediate defensive measures: enforce multi-factor authentication, configure account lockout after a threshold of failed attempts, and deploy dynamic blocking tools such as fail2ban to automatically ban IPs exhibiting brute-force patterns. Regularly auditing exposed services, restricting access by geographic origin where operationally feasible, and maintaining intrusion detection monitoring will further reduce the risk of successful compromise originating from this or similar hostile addresses.