IOC Radar
IPv4 indicator · Medium · Signal 53/100

119.96.223.148

Location: China (Shizishan, Hubei)
ASN: AS58563 (Chinanet HB)
First Seen: Jun 2, 2025 (386d ago)
Last Seen: Jun 13, 2026 (10d ago)
Reports: 15 source reports
Confidence: 53% (medium)
Found in 15 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 62 techniques

Network Information

Country: CN (China)
Region: Shizishan, Hubei
ASN: AS58563
Organization: Chinanet HB

Feed Intelligence Summary

Source reports: 15
Confidence score: 53%
Category tags

Activity Timeline

1 total observation (Jun 13)

Threat Activity Heatmap (calendar grid not reproduced) · Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 53 (Medium Risk)
Signal score: 53 · Confidence: 53% · Reports: 15
First seen: Jun 2, 2025
Last seen: Jun 13, 2026
Geolocation: CN
Country: China
Location: Shizishan, Hubei
ASN: AS58563
Org: Chinanet HB
Coords: 30.5454, 114.3420

VirusTotal: Not checked

WHOIS

Description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 10 days ago · Appeared in 15 threat reports