IP · Medium · Signal 49/100
103.231.248.195
Location
Tây Hồ, Tay Ninh
ASN
AS63737
MTD Viet NAM Investment Company Limited
First Seen
Sep 25, 2025
Last Seen
Apr 21, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Vietnam
Region: Tây Hồ, Tay Ninh
ASN: AS63737
Organization: MTD Viet NAM Investment Company Limited
Feed Intelligence Summary
Source reports: 11
Confidence score: 49%
Category tags
Activity Timeline
[Timeline chart; axis label: Apr 21]
Threat Activity Heatmap
Peak: 2026-04-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 49
Confidence: 49%
Reports: 11
First seen: Sep 25, 2025
Last seen: Apr 21, 2026
Geolocation: VN
Country: Vietnam
Location: Tây Hồ, Tay Ninh
ASN: AS63737
Org: MTD Viet NAM Investment Company Limited
Coords: 11.1105, 106.1790
VirusTotal
Not checked
IOC Journey
Medium · First detected 9 months ago · Last seen 2 months ago
Appeared in 11 threat reports