IOC Radar
IPMediumSignal 51/100

154.213.185.230

Location
JapanJapan
Tokyo, Noord-Holland
ASN
AS54801
Zillion Network Inc
First Seen
Aug 6, 2024
Last Seen
Jun 7, 2026
Aug 6
First Seen
673d ago
Jun 7
Last Seen
4d ago
32
Reports
source reports
51%
Confidence
medium
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

72 techniques

Network Information

CountryJPJapan
RegionTokyo, Noord-Holland
ASNAS54801
OrganizationZillion Network Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

32 reports51% confidence
32
Source reports
51%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningalienvault_ransomwareanonymity network abuseantispamasiaattackauthentication bypassauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute_forcecertcisacisa advisorycode executioncommand and controlcommand executioncommand injectioncontactcredential accesscredential harvestingcredential stuffingcredential_accesscve-20cybercyboxd brokerdbdata exfiltrationdata store exposuredb brokerdb accessdecoy systemdistributed attackseuropeexfiltrationexit nodeexploitation activityexploitation of pgpasswordfileobjfireholftpftp brute forcegogogsbadmin credential compromisehashhasheshong konghttp brute forceidentity & access exploitationindicatorindustries/all industriesinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinjection activityinstallipv4ivanti cloudivanti connect secureivanti epmmivanti policy securejapanlateral movementlocallog4jlogin attemptmalicious activitymalicious downloadmalicious softwaremalwaremalware distributionmanualmatrixnetherlandsnetworknetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork trafficnetwork_reconnaissancenlobjectpassword attackpassword attackspersistence mechanismspgpasswordpgsqlpwphishingphishing attackprivilege escalationprocess injectionprotocol exploitationproxyproxy abusepsexecpythonransomwarerce vulnerabilityreconnaissanceredacted gsbremote accessremote code executionremote servicesresearchedscannersecurity policyseychellessmallsocial engineeringsocradar honeypotsoftware exploitationspamssh attackstixstrongsyn scant1003t1003.001t1016t1016.001t1018t1021t1021.001t1021.004t1027t1027.003t1040t1046t1047t1053t1053.005t1055t1059t1059.001t1059.004t1068t1071t1071.001t1071.002t1071.004t1076t1078t1078.004t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1189t1190t1199t1203t1204.002t1210t1219t1486t1496t1499.002t1499.003t1505t1505.003t1543.003t1547.001t1548t1550.002t1552t1555.003t1556t1563t1564t1565t1566t1566.001t1566.002t1566.003t1572t1587.001t1588t1588.004t1590.001t1595t1595.001t1595.002t1595.003tcp scantelnet threattextthreatthreat actorthreat intelligencethreat preventionthreattype/credential theftthreattype/remote code executionthreattype/vulnerability exploitationthreattype/webshell deploymenttitletoolstortor activitytor exittor exit nodetor networktor nodeu gsbadminudp scanunauthorized access attemptsupgradeusvulnerabilitiesvulnerability scanwebshell deploymentzerozero-day vulnerability

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
51
SIGNAL
Signal Score
51%
Confidence
32
Reports
First seenAug 6, 2024
Last seenJun 7, 2026
GeolocationJP
CountryJapan
LocationTokyo, Noord-Holland
ASNAS54801
OrgZillion Network Inc
Coords22.2578, 114.1657
Proxy

VirusTotal

Not checked

WHOIS

description
https://check.torproject.org/torbulkexitlist
raw
Socket not responding: timed out
references
https://check.torproject.org/torbulkexitlist, https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a, https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications_0.pdf, https://www.ic3.gov/CSA/2025/250122.pdf, https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf, https://iplists.firehol.org/?ipset=tor_exits, https://github.com/telekom-security/tpotce, Exit_Nodes.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 32 threat reports