IOC Radar
IP · Medium · Signal 100/100

222.186.13.132

Location: Nanjing, Jiangsu, China
ASN: AS4134 (Chinanet JS)
First Seen: Dec 21, 2023 (919d ago)
Last Seen: Jun 22, 2025 (370d ago)
Reports: 26 source reports
Confidence: 99% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

68 techniques

Network Information

Country: CN (China)
Region: Nanjing, Jiangsu
ASN: AS4134
Organization: Chinanet JS

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 26
Confidence score: 99%
Category tags
abuse, access control, account discovery, ack, ack scan, active scanning, apache, apache attacker, attack, banner grabbing attempt, botnet, brute force, brute force attack, brute force attacks, c2, cert, citrix security, command and control, communication protocol, connect scan, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, database exploitation, ddos attempt, decoy system, denial of service, dionaea honeypot, distributed attacks, enterprise security, enumeration, enumeration activity, enumeration attempt, exploit attempt, exploitation, exploitation of privilege, external network scan, external scan, fin, fin port scan, fin scan, firewall detection, firewall detection probe, firewall evasion, ftp brute force, full connect scan, honeytrap honeypot, http brute force, http probe, http scanning, https probe, https scanning, icmp, imap, imap attack, imap brute force, indicator, information gathering, infrastructure discovery, initial access, internal scan, lamp, lateral movement, maimon scan, malicious activity, malicious software, malware, malware behaviour, malware capture, mass port scan, mass port scanning, mass scanning, mass scanning activity, masscan, massive port scan, massive scanning, network, network attacks, network discovery, network enumeration, network intrusion attempt, network intrusion attempts, network mapping, network port scanning, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, nmap, nmap scan, null port scan, null scan, open port detection, open port discovery, open port enumeration, open port identification, open ports, operating system detection, os detection, os fingerprinting, os fingerprinting attempt, password attacks, password cracking, phishing attack, pop3 brute force, possible malicious activity, possible malware distribution, possible malware probing, possible reconnaissance, possible reconnaissance activity, possible vulnerability probing, possible vulnerability scan, possible vulnerability scanning, potential botnet activity, potential intrusion attempt, potential reconnaissance activity, potential threat, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, process injection, protocol exploitation, reconnaissance, reconnaissance activity, remote access, remote services, researched, scan, scanner, scanning activity, scripting attacks, security event, security policy, service detection, service discovery, service enumeration, service version detection, sftp attack, smb scanning, smtp brute force, social engineering, socradar, sql injection attempt, ssh attack, ssh monitoring, ssl, stealth, stealth scan, stealth scan techniques, suspected malicious activity, sweep scan, syn, syn port scan, syn scan, system discovery, t1016, t1016.001, t1016.002, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1048, t1055, t1057, t1059, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.004, t1083, t1087, t1087.001, t1087.002, t1087.003, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1189, t1190, t1203, t1204, t1204.002, t1205, t1213, t1486, t1496, t1499.002, t1499.003, t1539, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1583, t1588, t1588.002, t1589, t1589.001, t1589.002, t1590, t1590.002, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, tcp scan, tcp scanning, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tsec, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized network activity, unauthorized probing, unauthorized scanning, united states, unsolicited network probe, version detection, vpn, web attack, web exploitation, web server exploitation, window scan, xmas, xmas port scan, xmas scan

Activity Timeline

1 total obs (Jun 22 to Jun 22)

Threat Activity Heatmap

[Heatmap figure: activity by weekday (Mon, Wed, Fri rows) across months Jun through the following Jun, shaded from Less to More; cell values not recoverable]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 26
First seen: Dec 21, 2023
Last seen: Jun 22, 2025
Geolocation: CN
Country: China
Location: Nanjing, Jiangsu
ASN: AS4134
Org: Chinanet JS
Coords: 32.0607, 118.7630
VPN

VirusTotal

Not checked

WHOIS

description
Port Scan 2023-12-27T22:31:19.097Z -> 222.186.13.132 scanned port 4045 on one of our servers

IOC Journey

medium
First detected 2 years ago · Last seen 1 year ago
Appeared in 26 threat reports