IOC Radar
IP · Medium · Signal 100/100

183.134.104.173

Location: China (Hangzhou, Zhejiang)
ASN: AS4134 (Chinanet)
First Seen: Oct 4, 2020 (2089d ago)
Last Seen: Jun 8, 2026 (16d ago)
Reports: 25 source reports
Confidence: 99% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

69 techniques

Network Information

Country: CN (China)
Region: Hangzhou, Zhejiang
ASN: AS4134
Organization: Chinanet

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 25
Confidence score: 99%

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 100 (High Risk)
Coords: 29.8683, 121.5440

VirusTotal

Not checked

WHOIS

description
2024-11-14T16:22:31.563Z Honeypot : Tanner : Source: 183.134.104.173 : Port: 80 Post Data: {'response': {'message': {'detection': {'type': 1, 'version': '0.6.0', 'name': 'index', 'order': 1}, 'sess_uuid': '5a43576c-1dfe-4ebe-926e-595c62d944ce'}}, 'version': '0.6.0'}

IOC Journey

medium
First detected 5 years ago · Last seen 16 days ago
Appeared in 25 threat reports