IOC Radar
IP · Medium · Signal 58/100

1.83.125.77

Location: China (Xincheng, Shaanxi)
ASN: AS4134 (Chinanet SN)
First Seen: Sep 6, 2020 (2107d ago)
Last Seen: May 8, 2026 (37d ago)
Reports: 21 source reports
Confidence: 58% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 44 techniques

Network Information

Country: CN (China)
Region: Xincheng, Shaanxi
ASN: AS4134
Organization: Chinanet SN

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 21
Confidence score: 58%
Category tags: abuse, active scan, active scanning, apt, asia, attack, australia, auto-generated security, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, bruteforce, c2, cert, china, cisco, cisco device, cisco exploitation attempts, cn, command & control, command and control, communication protocol, compromised credentials, compromised host, compromised server, conpot, conpot honeypot, cowrie, cowrie honeypot, cowrie ssh logs, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, database security, ddos, decoy system, denial of service, device management, dionaea, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, enterprise networking, exploit, exploit attempts, exploitation activity, exploited host, fatt, ftp, ftp brute force, hacking, honeytrap honeypot, http scanner, http scanning, ics security, identity & access exploitation, indicator, industrial control systems, injection activity, intrusion detection, iot security, iot/ics attack, ipphoney honeypot, lamp, lamp server targeting, lamp stack attack, lateral movement, mailoney honeypot, malicious activity, malicious domain, malicious software, malware, malware behaviour, malware capture, malware detection, malware propagation, network, network infrastructure, network intrusion, network intrusion attempts, network scanning, network security, network traffic analysis, north america, oceania, open relay, p0f, password attacks, phishing, phishing attack, phishing trap, portscan, possible mirai variant, process injection, protocol exploitation, proxy, ransomware, reconnaissance, redis honeypot, redishoneypot, remote access attempts, researched, resource hijacking, scanner, scanners, scanning activity, sensor-tagged, sentrypeer botnet, service scan, sftp, sftp activity, sftp attack, sftp attacks, sip, sip brute force, smtp, social engineering, socradar, spam, ssh, ssh attack, ssh monitoring, surface web, t1018, t1021, t1040, t1041, t1046, t1053, t1055, t1059, t1071, t1071.001, t1078, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1199, t1203, t1204, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, udp port scan, united states, voip, voip attack, vulnerability scan, vultr, web app attack, web application attack, web application scanning, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (May 8)

Threat Activity Heatmap

Peak: 2026-05-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 21
First seen: Sep 6, 2020
Last seen: May 8, 2026
Geolocation: CN
Country: China
Location: Xincheng, Shaanxi
ASN: AS4134
Org: Chinanet SN
Coords: 34.2649, 108.9540
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

raw:

inetnum: 1.80.0.0 - 1.87.255.255
netname: CHINANET-SN
descr: CHINANET SHAANXI PROVINCE NETWORK
descr: China Telecom
descr: No.56,gaoxin street
descr: Beijing 100032
country: CN
admin-c: XC9-AP
tech-c: XC9-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SHAANXI
mnt-routes: MAINT-CHINANET-SHAANXI
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:04:55Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2024-10-17
mnt-by: MAINT-CHINANET
last-modified: 2024-10-17T03:10:56Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2024-10-17
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-10-17T03:11:15Z
source: APNIC

person: Xianghong Cao
address: Shanxi provice data communication Bureau
address: 185# zhuque Road
address: Xi'an city, Shanxi provice 710061
country: CN
phone: +8629-523-3633
fax-no: +8629-522-8093
e-mail: [email protected]
nic-hdl: XC9-AP
mnt-by: MAINT-CHINANET
last-modified: 2017-03-17T01:44:04Z
source: APNIC

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 21 threat reports