IOC Radar
IP · Medium Signal 64/100

140.249.181.31

Location: Jinan, Shandong, China
ASN: AS58541 (Chinanet SD)
First Seen: Dec 31, 2024 (527d ago)
Last Seen: May 24, 2026 (17d ago)
Reports: 23 source reports
Confidence: 64% (medium)
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

76 techniques

Network Information

Country: CN (China)
Region: Jinan, Shandong
ASN: AS58541
Organization: Chinanet SD

Feed Intelligence Summary

23 source reports · 64% confidence score
Category tags
abuse, access control, active scan, active scanning, anomalous network connections, apache, apache attacker, asia, atif feed, attack, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempts, authentication failures, authentication_attempts, auto-generated security, automated attack, bad reputation, bad web bot, banlist feed, binary defense, block list, block.txt, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute-forc, brute-force, brute_force, bruteforcing, c2, c2 communication, c2 server, china, china mobile, cisco device, cisco exploitation, cn, columns, command & control, command and control, communication protocol, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, cowrie, cowrie honeypot, cowrie honeypot data, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, credential stuffing attempt, credentials, cta, daily_sources, data exfiltration, data exfiltration attempt, data store exposure, data theft, database attacks, ddos, ddos attack, decoy system, denial of service, denial-of-service, denial-of-service attempt, device management, dionaea honeypot, dionaea malware samples, distributed attacks, enterprise networking, enumeration, europe, executable file, exploit, exploit attempts, exploitation, exploitation activity, exploitation attempts, exploited host, fail2ban triggered, failed login, failed login attempts, fatt, file, finland, france, ftp, ftp brute force, gb_hosted, germany, github, hacking, hk abuse, handler, honeynet connect, honeytrap exploit attempts, honeytrap honeypot, hong kong, http brute force, http request anomalies, http scanner, http scanning, hurricane us, identity & access exploitation, imap brute force, indicator, info, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, intrusion detection, intrusion prevention, ioc, iot security, iot targeted, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp server targeting, lamp stack targeting, lateral movement, login attack, login attempt, login attempts, login brute force,
low-risk, mail, mailoney honeypot, malaysia, malicious activity, malicious file transfer, malicious ip activity, malicious login, malicious script execution, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malware, malware behaviour, malware capture, malware distribution, malware propagation, manual, mod security, mysql, network, network access, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network probe, network probing, network reconnaissance, network scan, network scanning, network security, network service scanning, network traffic analysis, network_reconnaissance, nginx, north america, notice, oceania, osint, p0f, p0f network fingerprinting, password attack, password attacks, password cracking, password spraying, pgp sign, phishing, phishing attack, phishing trap, poland, possible botnet activity, possible malware distribution, potential intrusion, potential intrusion attempt, potential malware upload, process injection, protocol exploitation, python, ransomware, rate limiting, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, scan, scanner, scanners, scanning activity, security alert, security operations, security policy, sensor-tagged, sentrypeer botnet, server, service scan, sftp, sftp access attempt, sftp access attempts, sftp attack, sftp exploit attempt, slug, smb brute force, smtp, smtp brute force, smtp scanning, social engineering, socradar honeypot, software development, spam, ssh, ssh attack, ssh monitoring, surface web, suricata alerts, t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1105, t1110, t1110 credential access,
t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1550.002, t1555, t1555.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1583.001, t1587.001, t1589, t1589.002, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tor node, tpot, tpotce, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, united kingdom, united states, us abuse, us none, voip, voip attack, vulnerability scan, web application attack, web application attacks, web brute force, web exploitation, web shell detection, web spam, web traffic

Activity Timeline

1 total observation (May 24 to May 24)

Threat Activity Heatmap

[Calendar heatmap, Jun through Jun, rows Mon/Wed/Fri, scale Less to More] · Peak: 2026-05-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 23
First seen: Dec 31, 2024
Last seen: May 24, 2026
Geolocation: CN
Country: China
Location: Jinan, Shandong
ASN: AS58541
Org: Chinanet SD
Coords: 36.6683, 117.0210

VirusTotal

Not checked

WHOIS

Description: IPV4 hosts detected attempting to brute force SSH on private honeypot
References:
https://github.com/telekom-security/tpotce
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 17 days ago
Appeared in 23 threat reports