IOC Radar
IP · Medium · Signal 89/100

218.60.58.18

Location
China
Shenyang, Liaoning
ASN
AS4837
CNC Group CHINA169 Liaoning Province Network
First Seen
Sep 19, 2024 (631d ago)
Last Seen
May 29, 2026 (14d ago)
Reports
26 source reports
Confidence
89% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
89%
Signal Score
89 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

70 techniques

Network Information

Country: CN (China)
Region: Shenyang, Liaoning
ASN: AS4837
Organization: CNC Group CHINA169 Liaoning Province Network

IP Category

Proxy
Proxy server

Feed Intelligence Summary

26 source reports · 89% confidence score
Category tags
abuse, access attempt, access control, account access, account discovery, account profiling, account takeover, active scan, active scanning, anomalous network connections, apache, application access, application layer protocol, apt, asia, attack, attack campaign, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication attempts, authentication brute force, authentication bypass, authentication failure, authentication failures, automated attack, automated attacks, automated blocking, automated brute force, automated threat, bad reputation, bad web bot, block list, block.txt, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, brute-force, brute_force, c2, c2 communication, c2 server, china, china mobile, cisco device, cisco exploitation attempt, cisco exploitation attempts, cn, columns, command & control, command and control, communication protocol, company limited, compromise attempt, compromised credentials, compromised host, compromised hosts, compromised systems, cowrie data, cowrie honeypot, credential access, credential compromise attempt, credential guessing, credential stuffing, credential theft attempt, credential_access, cta, daily_sources, data exfiltration, data exfiltration attempt, data theft, database attack, ddos, ddos attack, decoy system, denial of service, denial-of-service attempt, device management, digital ocean, dionaea honeypot, distributed attacks, enterprise networking, enumeration, europe, executable file, exploit, exploit attempt, exploit attempts, exploitation, exploitation activity, exploitation attempts, exploited host, external remote services, external threat, fail2ban blocked ips, fail2ban event, fail2ban triggered, failed authentication, failed login, fatt, finland, france, ftp, ftp brute force, ftp brute-force, game_server, gb-originating attack, germany, hacking, hk abuse, handler, honeynet connect, honeytrap data, honeytrap honeypot, hong kong, http brute force, http request anomalies, http scanner, http scanning, hurricane us, identity & access exploitation, information technology, initial access, internet-wide scan, intrusion detection, ioc, iot targeted, it infrastructure, lamp, lamp stack targeting, lateral movement, linux malware, log analysis, login, login attack, login attempt, login attempts, login brute force, login brute-force, login bruting, login credentials, login failure, login failures, mail, mailoney honeypot, malaysia, malicious activity, malicious ip activity, malicious network activity, malicious payload, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware distribution, malware download attempts, malware propagation, malware scanning, mod security, mysql brute force, network, network access, network attacks, network device, network enumeration, network exploitation, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network layer protocol, network login, network login attempt, network perimeter, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network security monitoring, network service exploitation, network service scanning, network sniffing, network traffic, network traffic analysis, network-based attack, north america, oceania, opencti, p0f, password attack, password attacks, password cracking, password cracking attempts, pgp sign, phishing, phishing attack, phishing trap, php injection attempts, poland, possible botnet activity, possible malware distribution, process injection, protocol exploitation, proxy, reconnaissance, reconnaissance activity, remote access, remote access abuse, remote access attempt, remote access service, remote login, remote service, remote service exploitation, remote services, researched, resource hijacking, scanner, scanners, scanning activity, scripting attacks, security monitoring, security operations, security policy, self-signed, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, service scanning, sftp attack, single ip, single ip attack, single ip source, single source, single source ip, sip brute force, sip scanning, smb brute force, smtp, smtp brute force, smtp scanning, socradar honeypot, software development, spam, sql injection attempts, ssh, ssh attack, ssh monitoring, ssh service, staging_server, system access, t-pot,
t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.003, t1078.004, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1550.002, t1555, t1555.003, t1563, t1565, t1567, t1573, t1573.001, t1588, t1588.002, t1588.004, t1589, t1589.002, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003,
tanner, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, united kingdom, united states, united states ip, united states source, us /32, us abuse, us based attacker, us based attackers, us ip address, us ip source, us none, us source, us source ip, usa ip address, user discovery, user enumeration, valid accounts, voip, voip attack, web application attack, web attack, web exploitation, web traffic, windows malware

Activity Timeline

1 total observation (May 29)

Threat Activity Heatmap

(Calendar grid, Jun through Jun, not reproduced.) · Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 89 (SIGNAL)
Confidence: 89%
Reports: 26
First seen: Sep 19, 2024
Last seen: May 29, 2026
Geolocation: CN
Country: China
Location: Shenyang, Liaoning
ASN: AS4837
Org: CNC Group CHINA169 Liaoning Province Network
Coords: 34.7732, 113.7220
Category: Proxy

VirusTotal

Not checked

WHOIS

description: SSH bruteforce client IP

raw:

inetnum: 218.60.0.0 - 218.61.255.255
netname: UNICOM-LN
descr: China Unicom Liaoning province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: GZ84-AP
abuse-c: AC1718-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-LN
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CU-CN
last-modified: 2025-01-22T13:17:44Z
source: APNIC

irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-CNCGROUP
last-modified: 2025-09-10T13:07:04Z
source: APNIC

role: ABUSE CUCN
country: ZZ
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
phone: +000000000
e-mail: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
nic-hdl: AC1718-AP
remarks: Generated from irt object IRT-CU-CN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-09-10T13:08:11Z
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
mnt-by: MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
source: APNIC

person: Guangyu Zhan
nic-hdl: GZ84-AP
e-mail: [email protected]
address: DATA Communication Bureau of Liaoning Province,China
address: 38 Lianhe Road,Dadong District Shenyang 110044,China
phone: +86-24-22800809
fax-no: +86-24-22800077
country: CN
mnt-by: MAINT-CNCGROUP-LN
last-modified: 2017-08-17T06:16:09Z
source: APNIC

route: 218.60.0.0/15
descr: CNC Group CHINA169 Liaoning Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2008-09-04T07:54:44Z
source: APNIC
references:
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 26 threat reports