IP · Medium · Signal 51/100
222.88.64.163
Location
Guancheng, HA
ASN
AS4134
Chinanet HA
First Seen
Nov 1, 2023
Last Seen
Jun 5, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Network Information
Country: China
Region: Guancheng, HA
ASN: AS4134
Organization: Chinanet HA
Feed Intelligence Summary
Source reports: 24
Confidence score: 51%
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-05)
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: 51 (Medium Risk)
Confidence: 51%
Reports: 24
First seen: Nov 1, 2023
Last seen: Jun 5, 2026
Geolocation: CN
Country: China
Location: Guancheng, HA
ASN: AS4134
Org: Chinanet HA
Coords: 34.8140, 112.6430
VirusTotal
Not checked
WHOIS
- description: SSH bruteforce client IP
- raw:

  inetnum: 222.88.0.0 - 222.89.255.255
  netname: CHINANET-HA
  descr: CHINANET henan province network
  descr: China Telecom
  descr: No.31,jingrong street
  descr: Beijing 100032
  country: CN
  admin-c: HZ149-AP
  tech-c: CH93-AP
  abuse-c: AC1573-AP
  status: ALLOCATED PORTABLE
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CHINANET-HA
  mnt-routes: MAINT-CHINANET-HA
  mnt-irt: IRT-CHINANET-CN
  last-modified: 2021-06-15T08:04:49Z
  source: APNIC

  irt: IRT-CHINANET-CN
  address: No.31 ,jingrong street,beijing
  address: 100032
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-04-24
  mnt-by: MAINT-CHINANET
  last-modified: 2025-04-24T03:21:26Z
  source: APNIC

  role: ABUSE CHINANETCN
  country: ZZ
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  nic-hdl: AC1573-AP
  remarks: Generated from irt object IRT-CHINANET-CN
  remarks: [email protected] was validated on 2025-04-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-04-24T03:21:54Z
  source: APNIC

  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC

  person: Hongbiao Zhang
  nic-hdl: HZ149-AP
  e-mail: [email protected]
  address: 97# Zhongyuan Street, Zhengzhou City, China
  phone: +86 371 65310018
  fax-no: +86 371 65310015
  country: CN
  mnt-by: MAINT-CHINANET-HA
  last-modified: 2008-09-04T07:29:40Z
  source: APNIC

- references:
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://list.rtbh.com.tr/output.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  - https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
  - https://lists.blocklist.de/lists/mail.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 9 days ago
Appeared in 24 threat reports