IP · Medium · Signal 71/100
182.93.50.90
Location
Zhuojiacun, Our Lady of Carmo
ASN
AS4609
CTM Internet Service
First Seen
May 19, 2023
Last Seen
Jun 14, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Macao
Region
Zhuojiacun, Our Lady of Carmo
ASN
AS4609
Organization
CTM Internet Service
IP Category
VPN
VPN exit node
Feed Intelligence Summary
31
Source reports
71%
Confidence score
Category tags
Activity Timeline
[Timeline chart; axis label: Jun 14]
Threat Activity Heatmap
Peak: 2026-06-14
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
71
SIGNAL
Signal Score
71%
Confidence
31
Reports
First seen
May 19, 2023
Last seen
Jun 14, 2026
Geolocation
MO
Country
Macao
Location
Zhuojiacun, Our Lady of Carmo
ASN
AS4609
Org
CTM Internet Service
Coords
22.1500, 113.5500
VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on Vultr Tokyo (Japan) honeypot
- raw
- inetnum: 182.93.0.0 - 182.93.63.255
  netname: CTM-AS-AP
  descr: CTM
  country: MO
  geoloc: 22.200559616089 113.54611206055
  org: ORG-CDTD1-AP
  admin-c: CN448-AP
  tech-c: CM2469-AP
  abuse-c: AC2161-AP
  status: ALLOCATED PORTABLE
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CTM-MO
  mnt-routes: MAINT-CTM-MO
  mnt-irt: IRT-CTM-MO
  last-modified: 2021-01-18T03:52:16Z
  source: APNIC

  irt: IRT-CTM-MO
  address: Rua da Lagos, Telecentro
  address: P.O. Box 868
  address: Taipa
  address: Macau
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CN448-AP
  tech-c: CM2469-AP
  auth: # Filtered
  remarks: [email protected] is invalid
  mnt-by: MAINT-CTM-MO
  last-modified: 2025-11-18T00:26:29Z
  source: APNIC

  organisation: ORG-CDTD1-AP
  org-name: Companhia de Telecomunicacoes de Macau
  org-type: LIR
  country: MO
  address: Rua de Lagos
  address: Telecentro
  address: Taipa
  address: Macau
  phone: +853-891-2211
  fax-no: +853-891-2933
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2023-09-05T02:14:42Z
  source: APNIC

  role: ABUSE CTMMO
  country: ZZ
  address: Rua da Lagos, Telecentro
  address: P.O. Box 868
  address: Taipa
  address: Macau
  phone: +000000000
  e-mail: [email protected]
  admin-c: CN448-AP
  tech-c: CM2469-AP
  nic-hdl: AC2161-AP
  remarks: Generated from irt object IRT-CTM-MO
  remarks: [email protected] is invalid
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-07-16T13:12:03Z
  source: APNIC

  person: CTM Mcenter
  address: Rua de Lagos, Telecentro, Taipa
  country: MO
  phone: +853 8891 2211
  e-mail: [email protected]
  nic-hdl: CM2469-AP
  mnt-by: MAINT-CTM-MO
  last-modified: 2022-06-27T02:35:35Z
  source: APNIC

  person: CTM NOC
  address: Rua de Lagos, Telecentro, Taipa
  country: MO
  phone: +853 8891 2211
  e-mail: [email protected]
  nic-hdl: CN448-AP
  mnt-by: MAINT-CTM-MO
  last-modified: 2022-06-27T02:30:59Z
  source: APNIC

  route: 182.93.50.0/24
  descr: CTM Internet Service
  origin: AS4609
  mnt-lower: MAINT-CTM-MO
  mnt-routes: MAINT-CTM-MO
  mnt-by: MAINT-CTM-MO
  last-modified: 2014-07-08T09:43:44Z
  source: APNIC
- references
- https://purplesynapz.com/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceantoronto-ssh-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-06/, https://voidvendor.com/intel, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/digitaloceantoronto-ssh-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-02/, 
https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-31/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-31/
IOC Journey
Medium · First detected 3 years ago · Last seen 8 days ago
Appeared in 31 threat reports