IP · Medium · Signal 100/100
154.213.184.18
Location: Tokyo, Tokyo
ASN: AS54801 (Zillion Network Inc)
First Seen: Sep 16, 2020
Last Seen: Dec 9, 2025
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Network Information
Country: Japan
Region: Tokyo, Tokyo
ASN: AS54801
Organization: Zillion Network Inc
Feed Intelligence Summary
Source reports: 26
Confidence score: 99%
Category tags
Activity Timeline
Dec 9
Threat Activity Heatmap · Peak: 2025-12-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 26
First seen: Sep 16, 2020
Last seen: Dec 9, 2025
Geolocation: JP
Country: Japan
Location: Tokyo, Tokyo
ASN: AS54801
Org: Zillion Network Inc
Coords: 35.6893, 139.6899
VirusTotal: Not checked
WHOIS
- description
- 2024-11-17T23:26:03.000Z Honeypot : Honeytrap : Source: 154.213.184.18 : Port: 1085 Message: {'payload': {'md5_hash': '82392921c5b25933f01ed6bd45ef3814', 'sha512_hash': 'd2288cca528c25321fd155441d198170caeb170d63261e5923886298038592a00172c7df5dd2b45f2e3df9a390028bfb6977e500a4c02dac5885854a7775120a', 'length': 9, 'data_hex': '040101bb5db8d70e00'}, 'protocol': 'tcp'}
IOC Journey
medium · First detected 5 years ago · Last seen 6 months ago
Appeared in 26 threat reports