IPMediumSignal 50/100
154.209.4.227
Location
Hong KongChai Wan, Eastern District
ASN
AS142403
Asline Limited
First Seen
Oct 4, 2020
Last Seen
Jun 6, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryHong Kong
Hong KongRegionChai Wan, Eastern District
ASNAS142403
OrganizationAsline Limited
Feed Intelligence Summary
17 reports50% confidence
17
Source reports
50%
Confidence score
Category tags
abuseaccessactionactive scanactive scanningaerospace & defenseasiaattackautomotive manufacturingbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attackscivil servicescommand and controlcommunication protocolconfigconnectcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcsscyber securitydata exfiltrationdata store exposuredatabase securitydecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydionaeadionaea honeypotdistributed attackselectronics manufacturingemailexecutable fileexploitexploit attemptsexploitation activityftpftp brute forcegithubgovernment technologygroupshkhoneytrap honeypothong kongidentity & access exploitationindicatorindustrial automationindustrial iotindustrial productioninfoinjection activityiociot securitylamplinuxmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemanufacturing technologymilitary operationsnational securitynetworknetwork activitynetwork intrusion attemptsnetwork scanningnetwork securitynextraypassword attackpassword attacksphishingphishing attackphishing trappingprocess injectionprocess manufacturingpublic administrationpublic infrastructurepublic policypythonquality controlreconnaissanceredis honeypotredishoneypotregulatory agenciesresearchedresource hijackingscriptsecurity operationssentrypeer botnetserversftpsftp attacksipsip brute forceslugsocial engineeringsshssh attackssh monitoringsupply chain attacksupply chain managementsurface webt1016t1018t1021t1040t1041t1046t1055t1059t1068t1071.001t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1589t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodevoipvoip attack
Activity Timeline
Jun 6Jun 6
Threat Activity Heatmap
· Peak: 2026-06-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
17
Reports
First seenOct 4, 2020
Last seenJun 6, 2026
GeolocationHK
CountryHong Kong
LocationChai Wan, Eastern District
ASNAS142403
OrgAsline Limited
Coords22.2578, 114.1657
VirusTotal
Not checked
WHOIS
- description
- 2025-02-12T01:23:21.000Z Honeypot : Redishoneypot : Source: 154.209.4.227 : Port: 6379 Action: Closed Message:
- raw
- inetnum: 154.0.0.0 - 154.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM status: ALLOCATED PORTABLE last-modified: 2015-08-28T00:31:22Z source: APNIC mnt-irt: IRT-APNIC-AP irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP auth: # Filtered remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 mnt-by: APNIC-HM last-modified: 2023-08-18T00:42:38Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 7 days ago
Appeared in 17 threat reports