IPMediumSignal 69/100
182.37.91.149
Location
ChinaTianfu, BJ
ASN
AS4134
Chinanet SD
First Seen
Mar 25, 2026
Last Seen
May 29, 2026
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionTianfu, BJ
ASNAS4134
OrganizationChinanet SD
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
5 reports69% confidence
5
Source reports
69%
Confidence score
Category tags
active scanactive scanningasiabad web botbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebruteforcechinacncredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdenial of serviceexploitation activityexploited hostftp brute-forcehackingidentity & access exploitationindicatorinjection activityinjection attacksiot securityiot targetedmalwaremssqlnetworkpassword attacksphishingping of deathportscanproxyreconnaissanceresearchedscannerscannersservice scanssh attackt1059.003t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1499.001t1499.002t1595.001t1595.002t1595.003vultrweb application attackweb exploitation
Activity Timeline
May 29May 29
Threat Activity Heatmap
· Peak: 2026-05-29LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
5
Reports
First seenMar 25, 2026
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationTianfu, BJ
ASNAS4134
OrgChinanet SD
Coords39.9285, 116.3850
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force MSSQL on Vultr Melbourne (Australia) honeypot
- raw
- inetnum: 182.32.0.0 - 182.47.255.255 netname: CHINANET-SD descr: CHINANET SHANDONG PROVINCE NETWORK descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: XR55-AP tech-c: XR55-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-SD mnt-routes: MAINT-CHINANET-SD mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:04:47Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-11-13 mnt-by: MAINT-CHINANET last-modified: 2026-03-13T07:12:20Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-11-13 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-11-13T14:15:15Z source: APNIC person: Xin Ruosheng nic-hdl: XR55-AP e-mail: [email protected] address: No.999, road Shunhua, Jinan, Shandong province,China phone: +86-531-83190000 fax-no: +86-531-83190000 country: CN mnt-by: MAINT-CHINANET-SD last-modified: 2019-12-20T07:11:49Z source: APNIC
- references
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-mssql-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrmelbournetest-mssql-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au/vultrmelbournetest-mssql-bruteforce-ip-list-2026-04-15/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 months ago · Last seen 12 days ago
Appeared in 5 threat reports