IPMediumSignal 67/100
154.221.22.20
Location
Hong KongChai Wan, Eastern District
ASN
AS142403
Asline Limited
First Seen
Jan 8, 2026
Last Seen
May 19, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryHong Kong
Hong KongRegionChai Wan, Eastern District
ASNAS142403
OrganizationAsline Limited
Feed Intelligence Summary
19 reports67% confidence
19
Source reports
67%
Confidence score
Category tags
abuseactive scanactive scanningaptasiaattackaustraliaauthentication attemptauthentication attemptsautomated attackbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute-forceciscocisco devicecisco device attackcisco exploitation attemptcisco exploitation attemptscommand and controlcommunication protocolcowriecowrie datacowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea honeypotenterprise networkingexploitexploitation activityexploited hostexternal port scanningexternal threatfattfileftpftp brute forceftp brute-forcehackinghkhoneytrap honeypothong konghttp brute forcehttp scannerhttpsidentity & access exploitationindiaindicatorinitial accessinjection activityinjection attacksintrusion detectioniociot securityiot targetedlamplateral movementlogin attemptmailoney honeypotmalaysiamalicious activitymalicious file transfermalwaremalware behaviourmalware capturenetworknetwork attacksnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork protocolnetwork scanningnetwork securitynetwork service scanningnetwork_reconnaissanceoceaniaopenctip0fpassword attackpassword attackspassword sprayingphishingphishing attackphishing trapping of deathprotocol exploitationransomwarereconnaissanceremote accessremote access attemptremote loginremote servicesresearchedresource hijackingscanscannerscannersscripting attackssensor-taggedsentrypeer activitysentrypeer botnetservice scanseychellessftpsftp attacksipsip brute forcesip scanningsmtp brute forcesocial engineeringsocradar honeypotspamsshssh attackssh monitoringt-pott1021t1021.001t1021.004t1040t1041t1046t1059t1059.003t1059.004t1059.007t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1566.001t1566.002t1566.003t1589t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized access attemptsunauthorized login attemptsunauthorized_activityvoipvoip attackweb application attackweb attackweb exploitationweb spamweb traffic
Activity Timeline
May 19May 19
Threat Activity Heatmap
· Peak: 2026-05-19LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
67
SIGNAL
Signal Score
67%
Confidence
19
Reports
First seenJan 8, 2026
Last seenMay 19, 2026
GeolocationHK
CountryHong Kong
LocationChai Wan, Eastern District
ASNAS142403
OrgAsline Limited
Coords22.2578, 114.1657
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 154.0.0.0 - 154.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM status: ALLOCATED PORTABLE last-modified: 2015-08-28T00:31:22Z source: APNIC mnt-irt: IRT-APNIC-AP irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 auth: # Filtered mnt-by: APNIC-HM last-modified: 2025-11-18T00:26:21Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
- references
- https://purplesynapz.com/, https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 months ago · Last seen 1 month ago
Appeared in 19 threat reports