IOC Radar
IPMediumSignal 55/100

218.90.120.53

Location
ChinaChina
Wuxi, Jiangsu
ASN
AS4134
Chinanet JS
First Seen
Aug 15, 2025
Last Seen
May 1, 2026
Aug 15
First Seen
316d ago
May 1
Last Seen
57d ago
16
Reports
source reports
55%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

68 techniques

Network Information

CountryCNChina
RegionWuxi, Jiangsu
ASNAS4134
OrganizationChinanet JS

Feed Intelligence Summary

16 reports55% confidence
16
Source reports
55%
Confidence score
Category tags
access controlaccount enumerationactive scanactive scanningadresse ipaptasiaattackauthenticationazure adbad reputationbankingbelgiumbelgium ip addressesblocklist_allbotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attemptbruteforcec2 communicationchinacloud environmentcloud infrastructurecncommand & controlcommand and controlcommunication protocolcompromised credentialscompromised hostscompromised systemcredential accesscredential compromisecredential harvestingcredential stuffingcredit card servicesdata exfiltrationdata store exposureddosddos attackdecoy systemdenial of servicedistributed attacksentra ideuropeexploitation activityexploited hostfinancefinance and insurancefinancial servicesfinancial technologyfinlandfranceftp brute forcegermanyhackinghoneynet connecthttp brute forcehttp scanneridentity & access exploitationimapimap attackindicatorinformation technologyinjection activityintrusion detectionit infrastructurelateral movementlogin attacklogin attemptlogin brute forcemalicious activitymalicious ipmalicious softwaremalwaremalware distributionmicrosoft entra idmultiple accountsmultiple accounts targetedmultiple usersmultiple users affectednetworknetwork attacksnetwork enumerationnetwork intrusionnetwork scanningnetwork securitynorth americaopenctipassword attackpassword attackspassword crackingpassword sprayingpayment processingphishingphishing attackpolandprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedrobots3saslscannerscanning activitysecurity operationssecurity policysmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringsoftware developmentspamssh attackt1005t1016t1016.001t1016.002t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1046t1053t1053.005t1055t1056t1056.001t1056.004t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1071.004t1076t1078t1078.002t1078.003t1078.004t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1555.004t1555.005t1563t1565t1566t1566.001t1566.002t1566.003t1573t1588.004t1589t1589.002t1592t1595t1595.001t1595.002t1595.003tcptcp protocoltcp scantelnet threatthreat actorthreat intelligencethreat preventiontor nodeudp scanunauthorized access attemptunauthorized login attemptsunited stateswealth managementweb application attackweb crawlerweb crawlingweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 1May 1

Threat Activity Heatmap

· Peak: 2026-05-01
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
55
SIGNAL
Signal Score
55%
Confidence
16
Reports
First seenAug 15, 2025
Last seenMay 1, 2026
GeolocationCN
CountryChina
LocationWuxi, Jiangsu
ASNAS4134
OrgChinanet JS
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

raw
inetnum: 218.90.0.0 - 218.94.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP mnt-by: MAINT-CHINANET mnt-lower: MAINT-CHINANET-JS mnt-routes: maint-chinanet-js status: ALLOCATED non-PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 10 months ago · Last seen 1 month ago
Appeared in 16 threat reports