IOC Radar
IPMediumSignal 100/100

220.179.73.146

Location
ChinaChina
Hefei, AH
ASN
AS4134
Chinanet AH
First Seen
Nov 15, 2023
Last Seen
Feb 12, 2026
Nov 15
First Seen
937d ago
Feb 12
Last Seen
117d ago
21
Reports
source reports
99%
Confidence
medium
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryCNChina
RegionHefei, AH
ASNAS4134
OrganizationChinanet AH

Feed Intelligence Summary

21 reports99% confidence
21
Source reports
99%
Confidence score
Category tags
abuseaccount compromiseactive scanningasiaatif feedattackaustraliaauthentication failuresauto-generated securityautomated scanbanlist feedbinary defensebotnetbrute forcebrute force attackchinacisco devicecloud infrastructurecloud infrastructure attackcloud servicescncommand and controlcommunication protocolcowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationddosdecoy systemdenial of servicedevice managementdistributed attacksenterprise networkingeuropefail2ban eventftp brute forcehoneytrap honeypotindicatorinfrastructure acquisitionreconnaissanceinitial accessintrusion detectionlampmailoney honeypotmalicious activitymalicious softwaremalwaremanualnetworknetwork infrastructurenetwork probingnetwork scanningnetwork securityoceaniapassword attacksphishingphishing attackphishing trapprocess injectionreconnaissanceresearchedresource hijackingscanscannerscannerssftp attacksocial engineeringssh attackssh monitoringt1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1590.001t1595t1595.001t1595.002t1595.003telecommunicationsthreat actorthreat detectionthreat intelligenceunauthorized access attemptunited kingdomvoipweb crawlerweb crawling

Activity Timeline

1 total obs
Feb 12Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
21
Reports
First seenNov 15, 2023
Last seenFeb 12, 2026
GeolocationCN
CountryChina
LocationHefei, AH
ASNAS4134
OrgChinanet AH
Coords29.7108, 118.3309

VirusTotal

Not checked

WHOIS

description
IPV4 hosts detected performing scans on production environment located in Australia.
raw
inetnum: 220.178.0.0 - 220.180.255.255 netname: CHINANET-AH country: CN descr: CHINANET anhui province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 admin-c: CH93-AP tech-c: AT318-AP status: ALLOCATED non-PORTABLE mnt-by: MAINT-CHINANET last-modified: 2008-09-04T06:52:51Z source: APNIC role: ANHUI TELECOM address: 305 Changjiang West Road address: Hefei Anhui China country: CN phone: +86 0551 5185089 fax-no: +86 0551 5185500 e-mail: [email protected] remarks: send spam reports to [email protected] remarks: and abuse reports to [email protected] remarks: Please include detailed information and remarks: times in GMT+8:00 remarks: http://www.ah163.net admin-c: LW604-AP tech-c: LW604-AP nic-hdl: AT318-AP notify: [email protected] mnt-by: MAINT-CHINANET-AH abuse-mailbox: [email protected] last-modified: 2020-03-24T02:13:37Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2024-05-11/, https://jamesbrine.com.au, https://jamesbrine.com.au/bruteforce-ip-list-2024-05-08/, https://jamesbrine.com.au/vultrmadrid-ssh-bruteforce-ip-list-2024-05-01/, https://jamesbrine.com.au/vultrmadrid-ssh-bruteforce-ip-list-2024-04-29/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 3 months ago
Appeared in 21 threat reports