IP · Medium · Signal 51/100
219.139.39.106
Location
Wuhan, SH
ASN
AS4134
Chinanet HB
First Seen
Jul 1, 2023
Last Seen
Jun 16, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region: Wuhan, SH
ASN: AS4134
Organization: Chinanet HB
Feed Intelligence Summary
23 reports · 51% confidence
23
Source reports
51%
Confidence score
Category tags
Activity Timeline
Jun 16 to Jun 16
Threat Activity Heatmap (peak: 2026-06-16)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
51
SIGNAL
Signal Score
51%
Confidence
23
Reports
First seen: Jul 1, 2023
Last seen: Jun 16, 2026
Geolocation: CN
Country: China
Location: Wuhan, SH
ASN: AS4134
Org: Chinanet HB
Coords: 31.1959, 121.4471
VirusTotal
Not checked
WHOIS
- description
- Distributed Password cracking attempts in Microsoft Entra ID involving multiple users from CN
- raw
- inetnum: 219.138.0.0 - 219.140.255.255
  netname: CHINANET-HB
  descr: CHINANET hubei province network
  descr: China Telecom
  descr: A12,Xin-Jie-Kou-Wai Street
  descr: Beijing 100088
  country: CN
  admin-c: CH93-AP
  tech-c: CHA1-AP
  mnt-by: MAINT-CHINANET
  mnt-lower: MAINT-CN-CHINANET-HB
  status: ALLOCATED NON-PORTABLE
  last-modified: 2008-09-04T06:51:38Z
  source: APNIC

  role: CHINANET HB ADMIN
  address: 8th floor of JinGuang Building
  address: #232 of Macao Road
  address: HanKou Wuhan Hubei Province
  address: P.R.China
  country: CN
  phone: +86 27 82862199
  fax-no: +86 27 82861499
  e-mail: [email protected]
  remarks: send spam reports to [email protected]
  remarks: and abuse reports to [email protected]
  remarks: Please include detailed information and
  remarks: times in GMT+8
  admin-c: YZ83-AP
  admin-c: ZC77-AP
  tech-c: YZ83-AP
  tech-c: ZC77-AP
  nic-hdl: CHA1-AP
  notify: [email protected]
  mnt-by: MAINT-CN-CHINANET-HB
  last-modified: 2013-08-06T11:09:18Z
  source: APNIC

  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC
- references
- 36.135.103.30.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 3 years ago · Last seen 9 days ago
Appeared in 23 threat reports