IOC Radar
IP · Medium · Signal 80/100

171.244.37.97

Location: Australia (Hanoi, Hanoi)
ASN: AS7552 (VIETEL)
First Seen: Nov 18, 2023 (936d ago)
Last Seen: Jun 7, 2026 (4d ago)
Reports: 32 source reports
Confidence: 80% (medium)
VirusTotal: 12/91 detections
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

84 techniques

Network Information

Country: AU (Australia)
Region: Hanoi, Hanoi
ASN: AS7552
Organization: VIETEL

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 32
Confidence score: 80%
Category tags

Activity Timeline

1 total obs (Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
Activity by window: 24h: 0 (Dormant); 7d: 1 (Minimal); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 32
First seen: Nov 18, 2023
Last seen: Jun 7, 2026
Geolocation: AU
Country: Australia
Location: Hanoi, Hanoi
ASN: AS7552
Org: VIETEL
Coords: 21.0278, 105.8340
Proxy · VPN

VirusTotal

12/91 vendors flagged
13% detection rate · Jun 7, 2026

WHOIS

description
BruteForce_Attack
raw
inetnum: 171.224.0.0 - 171.255.255.255
netname: VIETTEL-VN
descr: Viettel Group
descr: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
admin-c: TVT8-AP
tech-c: NDT9-AP
status: ALLOCATED PORTABLE
mnt-irt: IRT-VNNIC-AP
mnt-by: MAINT-VN-VNNIC
last-modified: 2017-11-11T09:43:21Z
source: APNIC

irt: IRT-VNNIC-AP
address: Ha Noi, VietNam
phone: +84-24-35564944
fax-no: +84-24-37821462
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NTTT1-AP
tech-c: NTTT1-AP
auth: # Filtered
mnt-by: MAINT-VN-VNNIC
last-modified: 2026-04-21T02:07:47Z
source: APNIC

person: Nguyen Dang Tiep
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: NDT9-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2017-11-11T09:40:35Z
source: APNIC

person: Tran Van Thanh
address: Viettel Network Corporation
address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City
country: VN
phone: +84-24-62989898
e-mail: [email protected]
nic-hdl: TVT8-AP
mnt-by: MAINT-VN-VIETEL
last-modified: 2018-08-21T09:57:13Z
source: APNIC

route: 171.224.0.0/11
descr: VIETTEL-VN
origin: AS24086
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-14T17:12:04Z
source: APNIC

route: 171.224.0.0/11
descr: VIETTEL-VN
origin: AS38731
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-14T17:12:09Z
source: APNIC

route: 171.224.0.0/11
descr: VIETTEL-VN
origin: AS7552
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-08-14T17:11:59Z
source: APNIC


IOC Journey

medium
First detected 2 years ago · Last seen 4 days ago
Appeared in 32 threat reports