IP · Medium · Signal 100/100
103.56.61.144
Location
Zhenjiang, Jiangsu
ASN
AS4837
Zhenjiang Guangyuan Network Technology Co., Ltd.
First Seen
Aug 18, 2022
Last Seen
Aug 5, 2025
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country: China
Region: Zhenjiang, Jiangsu
ASN: AS4837
Organization: Zhenjiang Guangyuan Network Technology Co., Ltd.
Feed Intelligence Summary
Source reports: 25
Confidence score: 99%
Category tags
Activity Timeline
Aug 5
Threat Activity Heatmap · Peak: 2025-08-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 25
First seen: Aug 18, 2022
Last seen: Aug 5, 2025
Geolocation: CN
Country: China
Location: Zhenjiang, Jiangsu
ASN: AS4837
Org: Zhenjiang Guangyuan Network Technology Co., Ltd.
Coords: 32.1896, 119.4250
VirusTotal
Not checked
WHOIS
- description
- Port Scan 2024-02-02T23:26:41.000Z -> 103.56.61.144 scanned port 4800 on one of our servers
IOC Journey
medium · First detected 3 years ago · Last seen 10 months ago
Appeared in 25 threat reports