Elevated Risk
IP address 202.92.6.73, registered to Vietnam Posts and Telecommunications Group in Vietnam (AS135905), is a high-risk threat actor with a threat level of 8/10, linked to credential-based attacks, web application probing, and denial-of-service activity detected across automated honeypot sensors and community reporting sources between April and May 2026.
Security monitoring systems logged 157 total abuse reports attributed to this address with 100% confidence, sourced from 14 automated honeypot sensors and 6 community reports. The dominant threat categories observed were general hacking activity (20 reports), brute-force authentication attempts (13 reports), WordPress login brute-force attacks (13 reports), and distributed denial-of-service activity (6 reports), with minor detections for port scanning and XML-RPC abuse. The high activity frequency score of 8/10 indicates sustained, repeated offensive operations against targeted services rather than opportunistic scanning.
The primary threat pattern involves systematic credential-stuffing and brute-force attempts against web-based authentication endpoints, particularly content management systems. Attack vectors observed include automated scanning for common administrative access paths, probing for vulnerable WordPress system files, and abuse of the XML-RPC remote procedure interface as an alternative authentication channel. The DDoS component suggests this infrastructure may also participate in coordinated traffic flooding. Taken together, these techniques indicate an actor seeking unauthorized administrative access to web properties through credential guessing while simultaneously mapping target environments for additional exploitation opportunities.
Defensive measures for exposed services include implementing multi-factor authentication on all administrative interfaces, deploying authentication hardening tools such as fail2ban to automatically block repeated failed-login sources, enforcing strong password policies and account lockout thresholds, and restricting or disabling XML-RPC access where not required. Network operators should review inbound traffic patterns from this source and consider blocking or rate-limiting at the perimeter to prevent further reconnaissance and authentication abuse attempts against their infrastructure.