IP · Medium · Signal 100/100
101.91.107.40
Location
Shanghai, Shanghai
ASN
AS4811
Chinanet SH
First Seen
Jul 22, 2024
Last Seen
Aug 5, 2025
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Network Information
Country
Guatemala
Region: Shanghai, Shanghai
ASN: AS4811
Organization: Chinanet SH
Feed Intelligence Summary
13 reports · 99% confidence
13
Source reports
99%
Confidence score
Category tags
Activity Timeline
Aug 5
Threat Activity Heatmap
Peak: 2025-08-05
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat Score: High Risk
100
SIGNAL
Signal Score
99%
Confidence
13
Reports
First seen: Jul 22, 2024
Last seen: Aug 5, 2025
Geolocation: GT
Country: Guatemala
Location: Shanghai, Shanghai
ASN: AS4811
Org: Chinanet SH
Coords: 31.2304, 121.4740
VirusTotal
Not checked
WHOIS
- description
- 2025-01-18T12:56:56.000Z Honeypot : Redishoneypot : Source: 101.91.107.40 : Port: 6379 Action: info Message:
IOC Journey
medium · First detected 1 year ago · Last seen 10 months ago
Appeared in 13 threat reports