IOC Radar
IP · Medium · Signal 67/100

171.12.10.185

Location: China (Guancheng, HA)
ASN: AS4134 (Chinanet HA)
First Seen: Jan 28, 2021 (1960d ago)
Last Seen: Apr 23, 2026 (49d ago)
Reports: 10 source reports
Confidence: 67% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 67%
Signal Score: 67 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 6 techniques

Network Information

Country: CN (China)
Region: Guancheng, HA
ASN: AS4134
Organization: Chinanet HA

Feed Intelligence Summary

Source reports: 10
Confidence score: 67%
Category tags: abuse, active scan, active scanning, asia, bad reputation, brute force, brute force attacker, china, cn, ddos, denial of service, exploitation activity, exploited host, hacking, indicator, network, portscan, reconnaissance, researched, scanner, scanners, service scan, t1190, t1203, t1499.001, t1595.001, t1595.002, t1595.003, vultr, web application attack, web exploitation

Activity Timeline

1 total obs (Apr 23 to Apr 23)

Threat Activity Heatmap

Peak: 2026-04-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: 67 (Medium Risk)
Signal Score: 67
Confidence: 67%
Reports: 10
First seen: Jan 28, 2021
Last seen: Apr 23, 2026
Geolocation: CN
Country: China
Location: Guancheng, HA
ASN: AS4134
Org: Chinanet HA
Coords: 34.4553, 113.0281

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:

inetnum: 171.8.0.0 - 171.15.255.255
netname: CHINANET-HA
descr: CHINANET henan province network
descr: henan Telecom Corporation
descr: 97 # Zhongyuan Street, Zhengzhou,henan,China
country: CN
admin-c: HZ149-AP
tech-c: HZ149-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: Henan Telecom Corporation hostmaster
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-HA
mnt-routes: MAINT-CHINANET-HA
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:58Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-11-13
mnt-by: MAINT-CHINANET
last-modified: 2026-03-13T07:12:20Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-11-13
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-11-13T14:15:15Z
source: APNIC

person: Hongbiao Zhang
nic-hdl: HZ149-AP
e-mail: [email protected]
address: 97# Zhongyuan Street, Zhengzhou City, China
phone: +86 371 65310018
fax-no: +86 371 65310015
country: CN
mnt-by: MAINT-CHINANET-HA
last-modified: 2008-09-04T07:29:40Z
source: APNIC

references: https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 10 threat reports