IP · Medium · Signal 55/100
175.12.108.55
Location
Qingyuan, Hunan
ASN
AS151823
Chinanet HN
First Seen
Mar 13, 2025
Last Seen
Jun 5, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region: Qingyuan, Hunan
ASN: AS151823
Organization: Chinanet HN
Feed Intelligence Summary
26 reports · 55% confidence
26
Source reports
55%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-05)
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
55
SIGNAL
Signal Score
55%
Confidence
26
Reports
First seen: Mar 13, 2025
Last seen: Jun 5, 2026
Geolocation: CN
Country: China
Location: Qingyuan, Hunan
ASN: AS151823
Org: Chinanet HN
Coords: 28.2000, 112.9667
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on Vultr Melbourne (Australia) honeypot
- raw
  inetnum: 175.0.0.0 - 175.15.255.255
  netname: CHINANET-HN
  descr: CHINANET HUNAN PROVINCE NETWORK
  descr: China Telecom
  descr: No.31,jingrong street
  descr: Beijing 100032
  country: CN
  admin-c: CH93-AP
  tech-c: CH636-AP
  abuse-c: AC1573-AP
  status: ALLOCATED PORTABLE
  remarks: service provider
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CHINANET-HN
  mnt-irt: IRT-CHINANET-CN
  last-modified: 2021-06-15T08:04:51Z
  source: APNIC

  irt: IRT-CHINANET-CN
  address: No.31 ,jingrong street,beijing
  address: 100032
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-04-24
  mnt-by: MAINT-CHINANET
  last-modified: 2025-09-04T00:59:42Z
  source: APNIC

  role: ABUSE CHINANETCN
  country: ZZ
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  nic-hdl: AC1573-AP
  remarks: Generated from irt object IRT-CHINANET-CN
  remarks: [email protected] was validated on 2025-04-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-04-24T03:21:54Z
  source: APNIC

  role: CHINANET HUNAN
  address: No.1 TuanJie road,ChangSha,Hunan 410005
  country: CN
  phone: +86 731 4792092
  fax-no: +86 731 4792007
  e-mail: [email protected]
  remarks: send spam reports to [email protected]
  remarks: and abuse reports to [email protected]
  remarks: Please include detailed information and
  remarks: times in UTC
  admin-c: CH632-AP
  tech-c: CS499-AP
  nic-hdl: CH636-AP
  mnt-by: MAINT-CHINANET-HN
  last-modified: 2020-07-02T13:36:27Z
  source: APNIC

  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC
IOC Journey
medium · First detected 1 year ago · Last seen 21 days ago
Appeared in 26 threat reports