171.225.184.76 — Viettel Group, VN — High (77%)

Check an IP Address, Domain Name, Subnet, or ASN

171.225.184.76 was found in our database!

Confidence Level

77%

High?

Geolocation

🇻🇳

VietnamDa Nang

ISPViettel Group

ASNAS7552

Activity Timeline

First seenMar 4, 2026, 11:37 PM

Last seen2h ago

11Sessions

11Events

Protocol Breakdown

SMB

11 / 11

171.225.184.76 has a high threat confidence level of 77%, originating from Da Nang, Vietnam, on the Viettel Group network (7552). It has been observed across 11 sessions targeting SMB, with detected attack patterns including smb remote service stager via mshta, First observed on March 4, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Smb Remote Service Stager Via Mshta

high2x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

Primitives

Individual actions observed

Smb Svcctl Rpc Bind10 Smb Root Read2 Smb Samr Rpc Bind2 Smb Ipc Share Access2 Smb Svcctl Pipe Open2 Mshta Vbscript Msiexec Fetch2

Related Threats

Explore related threat intelligence

🇻🇳More threats fromVietnam ASMore threats fromViettel Group SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
171.249.163.174	35%	112
27.72.30.88	44%	6
27.74.252.120	22%	39
171.244.40.3	88%	23
116.104.171.179	35%	3

IP Address	Confidence	Events
171.249.163.174	35%	112
14.225.2.67	90%	292
118.68.165.68	35%	3
27.72.30.88	44%	6
123.16.53.239	13%	5