103.200.25.198 — Long Van System Solution JSC, VN — Very High (99%)

Check an IP Address, Domain Name, Subnet, or ASN

103.200.25.198 was found in our database!

Confidence Level

99%

Very High?

Geolocation

🇻🇳

Vietnam

ISPLong Van System Solution JSC

ASNAS131386

Activity Timeline

First seenFeb 26, 2026, 10:58 AM

Last seen18m ago

93Sessions

93Events

Protocol Breakdown

SSH

93 / 93

103.200.25.198 has a very high threat confidence level of 99%, originating from Vietnam, on the Long Van System Solution JSC network (131386). It has been observed across 93 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain, First observed on February 26, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Authorized Keys Persistence Established

very_high19x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Ssh Automated Post Compromise Recon And Persistence Chain

very_high1x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

Primitives

Individual actions observed

Ssh Authorized Keys Replacement Home20 Unix Home Ssh Directory Attribute Modification Attempt20 Ssh Uname All1 Ssh Whoami User Identity1 Ssh Uname Basic Invocation1 Ssh Lscpu Model Field Filter1 Ssh Cpuinfo Name Count Via Wc1 Ssh Crontab List Current User1 Ssh Uname Machine Architecture1 Ssh Cpuinfo Model Name Line Count1 Ssh W Logged In Users Enumeration1 Ssh Free Mem Multi Field Extraction Mb1 Ssh Df Head Second Line Field Extraction1 Ssh Cpuinfo Model Field Subset Extraction1 Ssh Passwd Stdin Password Change Pipeline1 Ssh Top Interactive Process Monitor Invocation1 Ssh Passwd Noninteractive Stdin Password Change1 Ssh Ls Binary Path Resolution And Metadata Listing1

Related Threats

Explore related threat intelligence

🇻🇳More threats fromVietnam ASMore threats fromLong Van System Solution JSC SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
103.200.25.162	100%	558
45.119.87.131	13%	13
103.200.25.79	99%	103
45.119.84.54	100%	669
45.119.85.50	97%	52

IP Address	Confidence	Events
116.99.175.87	75%	155
125.234.107.246	20%	21
14.161.22.36	100%	470
14.225.2.67	91%	338
14.239.116.31	37%	8