IOC Radar
IP · Medium · Signal 79/100

140.210.138.234

Location: Shanghai, Shanghai, China
ASN: AS138421 (Huawei Public Cloud Service)
First Seen: May 27, 2025
Last Seen: Aug 6, 2025
Reports: 15 source reports
Confidence: 79% (medium)
Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Signal Score: 79 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 45 techniques

Network Information

Country: CN (China)
Region: Shanghai, Shanghai
ASN: AS138421
Organization: Huawei Public Cloud Service

Feed Intelligence Summary

15 reports · 79% confidence
Category tags
abuse, access control, active scanning, antispam, asia, attack, authentication abuse, authentication attempts, back orifice, botnet, brute force, brute force attack, brute force attempt, china, command and control, communication protocol, conpot activity, conpot honeypot, cowrie data, cowrie honeypot, cowrie interactions, credential access, credential stuffing, data exfiltration, database exploitation attempts, database security, ddos attacks, decoy system, denial of service, dionaea honeypot, dionaea interactions, distributed attacks, enumeration, exploitation, failed login attempts, ftp brute force, honeytrap honeypot, http scanner, http scanning, ics security, indicator, industrial control systems, injection attacks, input validation bypass, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, ipphoney activity, ipphoney honeypot, lamp, lamp server attack, lateral movement techniques, log4j, login attempt, malicious activity, malicious software, malware, malware behaviour, malware capture, mirai botnet, mozi botnet, network, network attacks, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, north america, password attack, password attacks, password cracking, path traversal, potential exploit attempts, potential intrusion, process injection, protocol exploitation, reconnaissance, remote code execution, researched, scan, scanner, scanning activity, scripting attacks, security policy, service scanning, sftp activity, sftp attack, sora botnet, south korea, ssh attack, ssh monitoring, systembc, t1021, t1021.001, t1021.002, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1565, t1588, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, unauthorized access, unauthorized access attempt, unauthorized login, united states, web application attack, web application attacks, web application exploitation, web attack, web exploitation, web traffic

Activity Timeline

1 total obs (Aug 6)

Threat Activity Heatmap

Peak: 2025-08-06
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: 79 (High Risk)
Coords: 31.2243, 121.4690

VirusTotal

Not checked

WHOIS

description
2025-06-03T19:43:09.795Z Honeypot : Cowrie : Source: 140.210.138.234 Data: Connection lost after 60 seconds

IOC Journey

medium
First detected 1 year ago · Last seen 10 months ago
Appeared in 15 threat reports