IOC Radar
IP · Medium · Signal 63/100

116.104.50.190

Location: Malaysia (Hanoi, 20)
ASN: AS7552 (VIETTEL)
First Seen: Jan 12, 2025 (527d ago)
Last Seen: Jun 12, 2026 (10d ago)
Reports: 27 source reports
Confidence: 63% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: MY (Malaysia)
Region: Hanoi, 20
ASN: AS7552
Organization: VIETTEL

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 27
Confidence score: 63%
Category tags

Activity Timeline

1 total obs (Jun 12 to Jun 12)

Threat Activity Heatmap

Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 27
First seen: Jan 12, 2025
Last seen: Jun 12, 2026
Geolocation: MY
Country: Malaysia
Location: Hanoi, 20
ASN: AS7552
Org: VIETTEL
Coords: 20.4487, 106.3343
VPN

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 116.96.0.0 - 116.111.255.255
netname: VIETTEL-VN
descr: Viettel Group
descr: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
admin-c: TVT8-AP
tech-c: NDT9-AP
remarks: For spamming matters, mail to [email protected]
status: ALLOCATED PORTABLE
mnt-by: MAINT-VN-VNNIC
mnt-irt: IRT-VNNIC-AP
last-modified: 2017-11-11T09:41:03Z
source: APNIC

irt: IRT-VNNIC-AP
address: Ha Noi, VietNam
phone: +84-24-35564944
fax-no: +84-24-37821462
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NTTT1-AP
tech-c: NTTT1-AP
auth: # Filtered
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-11-17T23:08:34Z
source: APNIC

person: Nguyen Dang Tiep
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: NDT9-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2017-11-11T09:40:35Z
source: APNIC

person: Tran Van Thanh
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: TVT8-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2018-08-21T09:57:13Z
source: APNIC

route: 116.96.0.0/12
descr: VIETTEL-VN
origin: AS24086
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-27T15:13:39Z
source: APNIC

route: 116.96.0.0/12
descr: VIETTEL-VN
origin: AS38731
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-27T15:13:44Z
source: APNIC

route: 116.96.0.0/12
descr: VIETTEL-VN
origin: AS7552
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-27T15:13:33Z
source: APNIC
references
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-21/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-21/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-18/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-18/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-17/, https://voidvendor.com/intel, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-15/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-15/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-15/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-05/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-05/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/, 
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-01/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-04-01/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-28/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-28/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-28/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-28/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-27/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-27/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-27/

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 27 threat reports