IOC Radar
IPMediumSignal 56/100

103.1.210.25

Location
VietnamVietnam
Hanoi, Ha Noi
ASN
AS38731
Viettel-CHT Company Ltd
First Seen
Dec 31, 2025
Last Seen
Jun 8, 2026
Dec 31
First Seen
165d ago
Jun 8
Last Seen
6d ago
11
Reports
source reports
56%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryVNVietnam
RegionHanoi, Ha Noi
ASNAS38731
OrganizationViettel-CHT Company Ltd

Feed Intelligence Summary

11 reports56% confidence
11
Source reports
56%
Confidence score
Category tags
abuseaccess attemptsaccess controlaccount compromiseaccount securityackactive scanactive scanningadminadministrative accessaptasiaattacker ipattacker-ipaustraliaauthentication attemptsautomated attackautomated attacksautomated multi-vector probingbad reputationbad web botblacklisted ip addressbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute-forcebrute_forcebrute_force_attackbruteforcecanadacloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncode-injectioncommand and controlcommand executioncommunication protocolcompromised hostcompromised hostsconnect scancowriecowrie honeypotcredential accesscredential stuffingcredential-accesscredential_accesscredential_attackdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdenial of servicedictionary_attackdigital oceandigitalocean infrastructuredigitalocean ipdigitalocean ipsdionaeadionaea honeypotdistributed attacksencryptionenumerationeuropeexploitexploit attemptexploit public-facing applicationexploitationexploitation activityexploited hostexternal_threatfattfin scanfranceftpftp brute forceftp_scanhackinghoneytrap honeypothttp brute forcehttp scannerhttp_scanhttpshydraidentity & access exploitationimapinbound scanindicatorinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial-accessinitial_accessinjection activityinjection attacksinternet facing systemsinternet of thingsinternet-facing assetsinternet_wide_scanintrusion detectioniociocsiot botnetiot securityiot/ics attackip-addressipv4ipv4 addressesipv4 port scanningipv4 scanningipv4 trafficipv4_scanningjapanlateral movementlogin attacklogin attemptslogin_attemptlondonmailoney honeypotmalicious activitymalicious ipmalicious ip listmalicious ipsmalicious softwaremalwaremalware behaviourmalware capturemasscanmelbourne regionmiraimirai botnetnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusion attemptsnetwork intrusion detectionnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork traffic analysisnetwork-attacknetwork-reconnaissancenetwork_activitynetwork_enumerationnetwork_probingnetwork_reconnaissancenetwork_scanningnetworkscanningnmapnorth americanull scanoceaniaopen port detectionoperating systemoperating system securityopportunistic attackp0fpassword attackpassword attackspassword crackingpassword_attackphishingphishing attackphishing trapping of deathport-scanportscanpossible exploit attemptspotential credential stuffingpotential threat actorpotential vulnerability probingprivilege escalationprocess injectionprotocol exploitationransomwarerdprdp_scanreconnaissanceremote accessremote servicesresearchedresource hijackingscanscannerscanner activityscanner ipscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetservice detectionservice discoveryservice enumerationservice scanservice_enumerationsmtpsmtp brute forcesql injectionsql-injectionsshssh attackssh monitoringssh_scansynsyn scansyn_scansystem accesst1016t1018t1021t1021.001t1021.002t1040t1046t1055t1059t1059.003t1059.007t1069.001t1071.001t1076t1077t1078t1083t1087t1088t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1563t1565t1583t1589t1590t1590.005t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp protocoltcp scantcp scanningtelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventionthreat_actor_unknowntor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunited kingdomunknown threat actorvietnamvnvoidtrapvoipvoip attackvulnerability scanvulnerability-scanvultrvultr infrastructurevultr infrastructure targetedvultr tokyoweb app attackweb application attackweb attackweb exploitweb exploitationweb trafficweb-attackwinwindowsxmas scanxmas_scan

Activity Timeline

1 total obs
Jun 8Jun 8

Threat Activity Heatmap

· Peak: 2026-06-08
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
11
Reports
First seenDec 31, 2025
Last seenJun 8, 2026
GeolocationVN
CountryVietnam
LocationHanoi, Ha Noi
ASNAS38731
OrgViettel-CHT Company Ltd
Coords21.0278, 105.8340

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 103.1.208.0 - 103.1.211.255 netname: VTDC-VN descr: Viettel-CHT Company Ltd descr: Hoa Lac Hi-Tech Park, Km 29 Thang Long Boulevard, Thach That District, Hanoi City descr: Thach That, Ha Noi country: VN admin-c: NDT14-AP tech-c: DKT3-AP status: ALLOCATED PORTABLE mnt-by: MAINT-VN-VNNIC mnt-lower: MAINT-VN-VNNIC mnt-routes: MAINT-VN-VNNIC mnt-irt: IRT-VNNIC-AP last-modified: 2020-05-06T10:49:42Z source: APNIC irt: IRT-VNNIC-AP address: Ha Noi, VietNam phone: +84-24-35564944 fax-no: +84-24-37821462 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: NTTT1-AP tech-c: NTTT1-AP auth: # Filtered mnt-by: MAINT-VN-VNNIC last-modified: 2026-04-21T02:07:47Z source: APNIC person: Dau Khac Thanh address: Hoa Lac Hi-Tech Park, Km 29 Thang Long Boulevard, Thach That District, Hanoi City country: VN phone: +84-24-62728866 e-mail: [email protected] nic-hdl: DKT3-AP mnt-by: MAINT-VN-VNNIC last-modified: 2020-05-06T10:38:09Z source: APNIC person: Nguyen Dinh Tuan address: Hoa Lac Hi-Tech Park, Km 29 Thang Long Boulevard, Thach That District, Hanoi City country: VN phone: +84-24-62728866 e-mail: [email protected] nic-hdl: NDT14-AP mnt-by: MAINT-VN-VNNIC last-modified: 2020-05-06T10:36:26Z source: APNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 months ago · Last seen 6 days ago
Appeared in 11 threat reports