IOC Radar
IP · Medium · Signal 77/100

118.123.105.93

Location
China
Chengdu, Sichuan
ASN
AS38283
Chinanet SC
First Seen
Aug 15, 2023 (1046d ago)
Last Seen
Jun 18, 2026 (8d ago)
Reports
30 source reports
Confidence
77% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

88 techniques

Network Information

Country: China (CN)
Region: Chengdu, Sichuan
ASN: AS38283
Organization: Chinanet SC

Feed Intelligence Summary

Source reports: 30
Confidence score: 77%
Category tags

Activity Timeline

1 total obs · Jun 18

Threat Activity Heatmap

Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Coords: 30.6509, 104.0760

VirusTotal

Not checked

WHOIS

description
Port Scan 2024-02-07T23:02:42.000Z -> 118.123.105.93 scanned port 7778 on one of our servers

IOC Journey

medium
First detected 2 years ago · Last seen 8 days ago
Appeared in 30 threat reports