IOC Radar
IPMediumSignal 36/100

180.123.27.108

Location
ChinaChina
Xuzhou, JS
ASN
AS4134
Chinanet JS
First Seen
Apr 9, 2026
Last Seen
Apr 14, 2026
Apr 9
First Seen
66d ago
Apr 14
Last Seen
61d ago
3
Reports
source reports
36%
Confidence
medium
1/91
VirusTotal
detections
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

9 techniques

Network Information

CountryCNChina
RegionXuzhou, JS
ASNAS4134
OrganizationChinanet JS

Feed Intelligence Summary

3 reports36% confidence
3
Source reports
36%
Confidence score
Category tags
account compromiseactive scanactive scanningasiabrute forcebrute force attackchinacloud infrastructurecloud infrastructure attackcloud servicescredential accesscredential stuffingdecoy systemexploitation activityidentity & access exploitationindicatormssqlnetworknetwork scanningpassword attacksreconnaissanceresearchedresource hijackingscannerst1078t1110.001t1110.002t1110.003t1110.004t1496t1595.001t1595.002t1595.003threat intelligence

Activity Timeline

1 total obs
Apr 14Apr 14

Threat Activity Heatmap

· Peak: 2026-04-14
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
36
SIGNAL
Signal Score
36%
Confidence
3
Reports
First seenApr 9, 2026
Last seenApr 14, 2026
GeolocationCN
CountryChina
LocationXuzhou, JS
ASNAS4134
OrgChinanet JS
Coords34.1823, 117.1519

VirusTotal

1/ 91vendors flagged
1% detection rateJun 5, 2026

WHOIS

description
IPv4 hosts detected attempting to brute force MSSQL on Vultr Melbourne (Australia) honeypot
raw
inetnum: 180.96.0.0 - 180.127.255.255 netname: CHINANET-JS descr: Chinanet Jiangsu Province Network descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: CH93-AP tech-c: CJ186-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-JS mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:04:52Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-11-13 mnt-by: MAINT-CHINANET last-modified: 2026-03-13T07:12:20Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-11-13 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-11-13T14:15:15Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-mssql-bruteforce-ip-list-2026-04-08/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 3 threat reports