IOC Radar
IP · Medium · Signal 60/100

116.103.230.94

Location: France; Hanoi, DN
ASN: AS7552 (VIETTEL)
First Seen: Jul 2, 2023 (1092d ago)
Last Seen: Jun 2, 2026 (26d ago)
Reports: 15 source reports
Confidence: 60% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

59 techniques

Network Information

Country: FR, France
Region: Hanoi, DN
ASN: AS7552
Organization: VIETTEL

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 15
Confidence score: 60%

Activity Timeline

1 total obs, Jun 2 to Jun 2

Threat Activity Heatmap

[Heatmap figure, Jun to Jun] Peak: 2026-06-02

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 15
First seen: Jul 2, 2023
Last seen: Jun 2, 2026
Geolocation: FR
Country: France
Location: Hanoi, DN
ASN: AS7552
Org: VIETTEL
Coords: 16.0685, 108.2215
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=dionaea, p0f, suricata; threshold?1; private IPs excluded. geo=VN; ports=445 Location=Sydney, Australia.
raw
inetnum: 116.96.0.0 - 116.111.255.255
netname: VIETTEL-VN
descr: Viettel Group
descr: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
admin-c: TVT8-AP
tech-c: NDT9-AP
remarks: For spamming matters, mail to [email protected]
status: ALLOCATED PORTABLE
mnt-by: MAINT-VN-VNNIC
mnt-irt: IRT-VNNIC-AP
last-modified: 2017-11-11T09:41:03Z
source: APNIC

irt: IRT-VNNIC-AP
address: Ha Noi, VietNam
phone: +84-24-35564944
fax-no: +84-24-37821462
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NTTT1-AP
tech-c: NTTT1-AP
auth: # Filtered
mnt-by: MAINT-VN-VNNIC
last-modified: 2017-11-08T09:40:06Z
source: APNIC

person: Nguyen Dang Tiep
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: NDT9-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2017-11-11T09:40:35Z
source: APNIC

person: Tran Van Thanh
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: TVT8-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2018-08-21T09:57:13Z
source: APNIC

route: 116.103.230.0/24
descr: VIETTEL-VN
origin: AS24086
mnt-by: MAINT-VN-VNNIC
last-modified: 2024-04-05T16:57:59Z
source: APNIC

route: 116.103.230.0/24
descr: VIETTEL-VN
origin: AS7552
mnt-by: MAINT-VN-VNNIC
last-modified: 2024-04-05T17:00:13Z
source: APNIC
references
https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://list.rtbh.com.tr/output.txt, https://threats.kz

IOC Journey

medium
First detected 3 years ago · Last seen 26 days ago
Appeared in 15 threat reports