IOC Radar

IPv4 Address: 183.134.104.170
Type: IP · Confidence: Medium · Signal: 84/100

Location: Hangzhou, Zhejiang, China (CN)
ASN: AS4134 (Chinanet)
First Seen: Aug 26, 2020 (2126 days ago)
Last Seen: Jun 12, 2026 (10 days ago)
Reports: 28 source reports
Confidence: 84% (medium)

Found in 28 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.

IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Signal Score: 84 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs (51 techniques, taken from the technique tags in this record)

T1018, T1021, T1021.001, T1021.002, T1021.004, T1027, T1040, T1041, T1046, T1053, T1055, T1059, T1059.003, T1059.004, T1059.007, T1068, T1071, T1071.001, T1076, T1078, T1083, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1190, T1203, T1204.002, T1486, T1496, T1499.001, T1499.002, T1499.003, T1505.002, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1573, T1583, T1583.001, T1583.002, T1595, T1595.001, T1595.002, T1595.003

Feed Intelligence Summary

28 source reports, 84% confidence score

Category tags (aggregated across all 28 source reports, many of them honeypot feeds such as the T-Pot cowrie, conpot, dionaea and sentrypeer sensors, so sector and country tags may describe the reporting sensor rather than the observed activity; the 51 ATT&CK technique IDs are listed above)

access control, account compromise, active scan, active scanning, adbhoney honeypot, aerospace & defense, application layer protocol, apt, asia, attack, australia, authentication attempt, automotive manufacturing, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempt, c&c communication, c2 server, china, cisco device, cisco device attack, cisco exploitation, civil services, cloud infrastructure, cloud infrastructure attack, cloud services, cn, code execution, command & control, command and control, command execution, communication protocol, compromised host, compromised hosts, connected devices, conpot activity, conpot attacks, conpot honeypot, conpot interaction, cowrie activity, cowrie attacks, cowrie data, cowrie honeypot, cowrie interaction, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, data theft, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, device management, dionaea activity, dionaea honeypot, dionaea interactions, distributed attacks, dns, dns attack, dnsserver, elasticpot honeypot, elasticsearch monitoring, electronics manufacturing, enterprise networking, exploit, exploit attempt, exploitation activity, exploitation attempts, exploitation of privilege, exploited host, fatt, fraud voip, ftp, ftp brute force, ftp brute-force, government technology, hacking, heralding activity, honeytrap honeypot, http brute force, http scanner, http scanning, ics security, ics/scada attack, identity & access exploitation, indicator, industrial automation, industrial control systems, industrial iot, industrial production, information gathering, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney honeypot, kazakhstan, kaznet, lamp, lamp exploit attempts, lamp exploitation, lamp exploitation attempts, lamp stack attack, lamp stack targeting, lamp vulnerability exploitation, lateral movement, lateral movement attempt, login, login attempt, mailoney honeypot, malicious activity, malicious email detection, malicious payload detection, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware communication, malware distribution, manufacturing technology, military operations, mirai botnet, national security, network, network attacks, network infrastructure, network intrusion attempt, network intrusion attempts, network monitoring, network probing, network protocol, network scanning, network security, network service scanning, network traffic analysis, nextray, oceania, p0f, password attacks, password cracking, password spraying, phishing, phishing attack, phishing trap, php exploit, ping of death, possible botnet activity, possible malware distribution, possible malware infection, possible mirai variant, possible reconnaissance activity, process injection, process manufacturing, protocol exploitation, public administration, public infrastructure, public policy, quality control, ransomware, reconnaissance, redis honeypot, redishoneypot activity, regulatory agencies, remote access, remote access attempt, remote service exploitation, remote services, researched, resource hijacking, rtbh, scams & fraud, scan, scanner, scanners, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer sip attacks, server exploitation, service scan, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attempts, sftp probing, sip brute force, sip scanning, sip vulnerability scan, slug, smart devices, smtp, smtp brute force, smtp probing, smtp traffic analysis, social engineering, software exploitation, spam, sql injection, ssh attack, ssh monitoring, supply chain attack, supply chain management, surface web, tanner, targeting database, tcp protocol, tcp/3306, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, traffic analysis, udp port scan, udp/161, unauthorized access, unauthorized access attempt, unauthorized login attempts, vnc protocol, voip, voip attack, vulnerability scan, web app attack, web application attack, web attack, web exploitation, web scanner, web spam, web traffic
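The technique tags above are only useful once they are pulled out of the tag list, normalised and reconciled against current ATT&CK. The following added example (not IOC Radar's code) does that over a constructed tag list: it extracts the 51 IDs, groups sub-techniques under their parent, reports parents that appear only through a sub-technique, flags tags that come from honeypot sensors, and emits a minimal ATT&CK Navigator layer. SAMPLE_TAGS, TPOT_SENSORS and the Navigator version fields are assumptions made for the example. One caveat the script cannot resolve offline: feeds carry stale IDs (T1076 on this record was revoked in favour of T1021.001), so resolve the list against the current ATT&CK STIX data before scoring it.

```python
"""Extract the ATT&CK technique IDs from an IOC Radar tag list and sanity-check them.

Added example, not IOC Radar's own code. SAMPLE_TAGS is constructed: a few of
the page's descriptive tags plus all 51 technique tags the page lists for
183.134.104.170.
"""
import re
from collections import defaultdict

SAMPLE_TAGS = [
    # descriptive tags (constructed subset of the page's list)
    "brute force", "conpot honeypot", "cowrie ssh attacks", "dionaea activity",
    "mirai botnet", "sip brute force", "tcp/3306", "udp/161", "tpot",
    # technique tags, exactly as the page spells them
    "t1018", "t1021", "t1021.001", "t1021.002", "t1021.004", "t1027", "t1040",
    "t1041", "t1046", "t1053", "t1055", "t1059", "t1059.003", "t1059.004",
    "t1059.007", "t1068", "t1071", "t1071.001", "t1076", "t1078", "t1083",
    "t1105", "t1110", "t1110.001", "t1110.002", "t1110.003", "t1110.004",
    "t1190", "t1203", "t1204.002", "t1486", "t1496", "t1499.001", "t1499.002",
    "t1499.003", "t1505.002", "t1563", "t1565", "t1566", "t1566.001",
    "t1566.002", "t1566.003", "t1566.004", "t1573", "t1583", "t1583.001",
    "t1583.002", "t1595", "t1595.001", "t1595.002", "t1595.003",
]

# Honeypot sensors named in the page's tags; all ship with T-Pot (assumed list for the example).
TPOT_SENSORS = ("adbhoney", "conpot", "cowrie", "dionaea", "elasticpot", "heralding",
                "honeytrap", "ipphoney", "mailoney", "redishoneypot", "sentrypeer", "tanner")

# A whole tag must be a technique ID: 't' + four digits, optional '.' + three digits.
# Anchoring keeps protocol tags such as "tcp/3306" from matching.
TECH_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$", re.IGNORECASE)


def extract_techniques(tags):
    """ATT&CK IDs found among the tags, de-duplicated and normalised to 'T1110.001' form."""
    found = set()
    for tag in tags:
        m = TECH_RE.match(tag.strip())
        if m:
            found.add("T" + m.group(1) + ("." + m.group(2) if m.group(2) else ""))
    return sorted(found)


def group_by_parent(techniques):
    """Map parent technique -> sorted sub-technique suffixes ('' marks the parent itself)."""
    groups = defaultdict(list)
    for tid in techniques:
        parent, _, sub = tid.partition(".")
        groups[parent].append(sub)
    return {p: sorted(subs) for p, subs in sorted(groups.items())}


def parents_only_via_subtechnique(techniques):
    """Parents that are tagged only through a sub-technique (e.g. T1204 via T1204.002)."""
    return sorted(p for p, subs in group_by_parent(techniques).items() if "" not in subs)


def honeypot_tags(tags):
    """Tags that name a honeypot sensor, i.e. reports that come from decoys, not victims."""
    return [t for t in tags if any(s in t.lower() for s in TPOT_SENSORS)]


def navigator_layer(techniques, name):
    """Minimal ATT&CK Navigator layer scoring every listed technique 1.

    The 'versions' block is an assumption; set attack/navigator versions for your deployment.
    """
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},
        "techniques": [{"techniqueID": t, "score": 1} for t in techniques],
    }


if __name__ == "__main__":
    techs = extract_techniques(SAMPLE_TAGS)
    print(len(techs), "techniques;", "parents only via sub-technique:",
          parents_only_via_subtechnique(techs))
    print("honeypot-derived tags:", honeypot_tags(SAMPLE_TAGS))
```

`parents_only_via_subtechnique` matters when you score a layer: T1204, T1499 and T1505 are present here only as T1204.002, T1499.00x and T1505.002, so scoring the parent as well would overstate what the feeds actually reported.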

Activity Timeline

1 total observation: Jun 12, 2026

Threat Activity Heatmap (weekly grid, Jun 2025 to Jun 2026): a single active day, peak 2026-06-12. Only this one dated observation backs the heatmap; the 28 source reports and the Aug 2020 first-seen date are not reflected in it, so recent-activity figures should be read against the report sources rather than the timeline alone.

Recent activity windows:
  24h   0 observations   Dormant
  7d    0 observations   Dormant
  30d   1 observation    Minimal
  3mo   1 observation    Minimal
Threat Score: 84 (High Risk)
Signal Score: 84 / 100
Confidence: 84%
Reports: 28
First seen: Aug 26, 2020
Last seen: Jun 12, 2026
Geolocation: CN (China), Hangzhou, Zhejiang
ASN: AS4134 (Chinanet)
Coords: 34.7732, 113.7220 (these coordinates lie outside Hangzhou and outside Zhejiang province, so the city-level geolocation and the coordinates disagree; treat both as approximate and do not use either as evidence on its own)

VirusTotal: Not checked

WHOIS

Source description (supplied by one of the reporting feeds, not part of the WHOIS record): Information from proprietary sensors in the KazNET

Raw record (APNIC; e-mail addresses appear masked as [email protected] in the record as captured):

inetnum: 183.128.0.0 - 183.143.255.255
netname: CHINANET-ZJ-ZX
descr: CHINANET-ZJ Zhongxin node network
descr: Zhejiang Telecom
country: CN
admin-c: CZ4-AP
tech-c: CZ4-AP
abuse-c: AC1602-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CHINANET-ZJ
mnt-lower: MAINT-CN-CHINANET-ZJ-ZX
mnt-irt: IRT-CHINANET-ZJ
last-modified: 2021-06-24T08:01:46Z
source: APNIC

irt: IRT-CHINANET-ZJ
address: Hangzhou, 288 fucun Road, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CZ61-AP
tech-c: CZ61-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET-ZJ
last-modified: 2025-04-24T05:53:54Z
source: APNIC

role: ABUSE CHINANETZJ
country: ZZ
address: Hangzhou, 288 fucun Road, China
phone: +000000000
e-mail: [email protected]
admin-c: CZ61-AP
tech-c: CZ61-AP
nic-hdl: AC1602-AP
remarks: Generated from irt object IRT-CHINANET-ZJ
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T05:55:18Z
source: APNIC

role: CHINANET ZHEJIANG
address: No. 257 Qingjiang Road, Hangzhou, Zhejiang.310066
country: CN
phone: +86-571-86821752
fax-no: +86-571-86988329
e-mail: [email protected]
remarks: send spam reports to [email protected]
remarks: and abuse reports to [email protected]
remarks: Please include detailed information and times in UTC
admin-c: CZ61-AP
tech-c: CZ61-AP
nic-hdl: CZ4-AP
mnt-by: MAINT-CHINANET-ZJ
last-modified: 2023-08-11T08:33:28Z
source: APNIC

References (source feeds):
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://threats.kz
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2024-05-08/
https://jamesbrine.com.au/vultrwarsaw-snmp-bruteforce-ip-list-2024-05-08/
https://jamesbrine.com.au/vultrmadrid-snmp-bruteforce-ip-list-2024-05-08/
https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2024-04-10/
https://jamesbrine.com.au/vultrwarsaw-snmp-bruteforce-ip-list-2024-04-10/
https://jamesbrine.com.au/vultrmadrid-snmp-bruteforce-ip-list-2024-04-10/
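Before escalating or blocking on this record it is worth confirming that the WHOIS object actually covers the indicator and locating the abuse contact mechanically rather than by eye. The following added example (not IOC Radar's code) parses a trimmed copy of the APNIC record above, turns the inetnum range into the CIDR block that covers it, checks that 183.134.104.170 is inside it, and follows mnt-irt to the IRT object's abuse-mailbox. WHOIS_RECORD is constructed from the page's record with the mailboxes left masked exactly as the page shows them.

```python
"""Parse the APNIC whois record from the page and check that the IOC falls inside its inetnum.

Added example, not IOC Radar's own code. WHOIS_RECORD is a trimmed copy of the
record shown on the page for 183.134.104.170; mailboxes stay masked as
"[email protected]" exactly as the page shows them.
"""
import ipaddress

WHOIS_RECORD = """\
inetnum: 183.128.0.0 - 183.143.255.255
netname: CHINANET-ZJ-ZX
descr: CHINANET-ZJ Zhongxin node network
descr: Zhejiang Telecom
country: CN
abuse-c: AC1602-AP
status: ALLOCATED NON-PORTABLE
mnt-irt: IRT-CHINANET-ZJ
last-modified: 2021-06-24T08:01:46Z
source: APNIC

irt: IRT-CHINANET-ZJ
address: Hangzhou, 288 fucun Road, China
abuse-mailbox: [email protected]
mnt-by: MAINT-CHINANET-ZJ
source: APNIC
"""


def parse_whois(text):
    """Split a whois dump into objects (blank-line separated).

    Values are kept as lists because keys such as descr and remarks repeat.
    Comment lines (% or #) are dropped; only the first colon separates key and
    value, so timestamps with colons survive intact.
    """
    objects, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith(("%", "#")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def inetnum_networks(obj):
    """CIDR blocks that exactly cover an 'inetnum: first - last' range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def covering_object(objects, ip):
    """The inetnum object containing ip, or None if the record does not cover it."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        if "inetnum" in obj and any(addr in net for net in inetnum_networks(obj)):
            return obj
    return None


def abuse_contact(objects, inet):
    """Follow mnt-irt to the IRT object and return its abuse-mailbox, or None."""
    for irt_name in inet.get("mnt-irt", []):
        for obj in objects:
            if obj.get("irt") == [irt_name]:
                return obj.get("abuse-mailbox", [None])[0]
    return None


if __name__ == "__main__":
    objs = parse_whois(WHOIS_RECORD)
    hit = covering_object(objs, "183.134.104.170")
    print(hit["netname"][0], [str(n) for n in inetnum_networks(hit)], abuse_contact(objs, hit))
```

The range resolves to a single /12, which is the granularity an abuse report or a temporary block at the allocation level would operate on; an address one past the range (183.144.0.1) correctly returns no covering object.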

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
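The export panel offers a STIX 2.1 bundle. The page does not show what that bundle contains, so the following added example (not IOC Radar's exporter) builds an equivalent one from the page's fields using only the standard library: an Indicator SDO carrying a STIX pattern, the ipv4-addr SCO it refers to with the specification's deterministic UUIDv5 identifier, and a bundle wrapping both. The indicator value is parsed as an IPv4 address before it is spliced into the pattern, which is the check that stops a hostile feed value from injecting extra pattern clauses. The IOC dict and its tag subset are constructed for the example.

```python
"""Emit a STIX 2.1 bundle for the IOC Radar record of 183.134.104.170.

Added example, not IOC Radar's own exporter (the site's real "STIX 2.1 Bundle"
output is not shown on the page). It follows the STIX 2.1 specification: an
Indicator SDO with a STIX pattern plus the matching ipv4-addr SCO with the
deterministic UUIDv5 id the spec defines for SCOs. Field values are the page's;
the tag subset is a constructed sample.
"""
import ipaddress
import json
import uuid
from datetime import datetime, timezone

# Namespace the STIX 2.1 spec fixes for deterministic SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Record fields as shown on the page; "tags" is a constructed subset of the page's tags.
IOC = {
    "value": "183.134.104.170",
    "first_seen": "2020-08-26",
    "reports": 28,
    "confidence": 84,
    "tags": ["brute force", "cowrie ssh attacks", "sip brute force", "mirai botnet"],
}


def stix_timestamp(dt):
    """RFC 3339 UTC timestamp with millisecond precision and a 'Z' suffix, as STIX requires."""
    u = dt.astimezone(timezone.utc)
    return u.strftime("%Y-%m-%dT%H:%M:%S.") + f"{u.microsecond // 1000:03d}Z"


def ipv4_pattern(value):
    """STIX pattern for one IPv4 address.

    The value is parsed with ipaddress first, so a malformed or hostile string
    (quotes, brackets, pattern operators) raises instead of reaching the pattern.
    """
    addr = ipaddress.IPv4Address(value)  # AddressValueError (a ValueError) on junk
    return f"[ipv4-addr:value = '{addr}']"


def ipv4_sco(value):
    """ipv4-addr SCO; id is UUIDv5 over the compact JSON of the id-contributing property."""
    addr = str(ipaddress.IPv4Address(value))
    name = json.dumps({"value": addr}, separators=(",", ":"), sort_keys=True)
    return {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": f"ipv4-addr--{uuid.uuid5(STIX_SCO_NAMESPACE, name)}",
        "value": addr,
    }


def indicator(ioc, created=None):
    """Indicator SDO for the IOC; valid_from is the page's first-seen date."""
    ts = stix_timestamp(created or datetime.now(timezone.utc))
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"IOC Radar: {ioc['value']}",
        "description": f"IPv4 address found in {ioc['reports']} source reports",
        "indicator_types": ["malicious-activity"],
        "pattern": ipv4_pattern(ioc["value"]),
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": f"{ioc['first_seen']}T00:00:00.000Z",
        "confidence": int(ioc["confidence"]),  # STIX confidence is an integer 0-100
        "labels": list(ioc["tags"]),
    }


def make_bundle(ioc, created=None):
    """STIX 2.1 bundle holding the indicator and the observable it refers to."""
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [indicator(ioc, created), ipv4_sco(ioc["value"])],
    }


def to_json(bundle):
    """Serialise the bundle as the JSON a TAXII server or SIEM connector would ingest."""
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    print(to_json(make_bundle(IOC)))
```

Because the SCO id is derived from the address, re-exporting the same record produces the same ipv4-addr object and downstream tools de-duplicate it; the indicator keeps a random UUIDv4 as the spec recommends for SDOs, so `confidence` and `labels` can be updated through `modified` without changing identity.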

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 10 days ago
Appeared in 28 threat reports