IOC Radar
IPMediumSignal 50/100

218.92.0.183

Location
ChinaChina
Nanjing, Jiangsu
ASN
AS4134
CHINANET jiangsu province network
First Seen
Nov 4, 2024
Last Seen
May 10, 2026
Nov 4
First Seen
598d ago
May 10
Last Seen
46d ago
16
Reports
source reports
50%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryCNChina
RegionNanjing, Jiangsu
ASNAS4134
OrganizationCHINANET jiangsu province network

Feed Intelligence Summary

16 reports50% confidence
16
Source reports
50%
Confidence score
Category tags
abuseactive scanactive scanningasiaatif feedattackaustraliaauthenticationauthentication abuseauthentication attemptsauto-generated securitybad reputationbanlist feedbinary defensebotnetbotnet activitybrute forcebrute force attackbrute force attemptchinacncommand and controlcommunication protocolcompromise attemptcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredistributed attackseuropeexploitation activityfail2ban alertfailed loginftp brute forceidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinjection activitymalicious activitymalicious softwaremalwaremanualmultiple failed attemptsnetworknetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork security monitoringoceaniapassword attacksphishingphishing attackpossible brute forceprocess injectionreconnaissanceresearchedscanscannersecurity operationssipsocial engineeringsshssh attackt1021t1021.001t1040t1046t1055t1059t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1587.001t1588t1588.004t1589t1590.001t1595t1595.001t1595.002t1595.003telecommunicationsthreat actorthreat intelligencetor nodeunauthorized accessunauthorized access attemptunauthorized access attemptsunited kingdomvoip

Activity Timeline

1 total obs
May 10May 10

Threat Activity Heatmap

· Peak: 2026-05-10
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
16
Reports
First seenNov 4, 2024
Last seenMay 10, 2026
GeolocationCN
CountryChina
LocationNanjing, Jiangsu
ASNAS4134
OrgCHINANET jiangsu province network
Coords34.5952, 119.1664

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 218.90.0.0 - 218.94.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP mnt-by: MAINT-CHINANET mnt-lower: MAINT-CHINANET-JS mnt-routes: maint-chinanet-js status: ALLOCATED non-PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC route: 218.92.0.0/16 descr: CHINANET jiangsu province network origin: AS4134 mnt-by: MAINT-CHINANET-JS last-modified: 2019-02-14T06:59:43Z source: APNIC
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 16 threat reports