IOC Radar
IP · Medium · Signal 54/100

101.199.254.205

Location: China (Jinrongjie, Beijing)
ASN: AS4808 (Beijing Qihu Technology Company Limited)
First Seen: Oct 29, 2024 (589d ago)
Last Seen: Apr 7, 2026 (64d ago)
Reports: 11 source reports
Confidence: 54% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 44 techniques

Network Information

Country: CN (China)
Region: Jinrongjie, Beijing
ASN: AS4808
Organization: Beijing Qihu Technology Company Limited

Feed Intelligence Summary

Source reports: 11
Confidence score: 54%
Category tags
abuse, access, active scan, active scanning, adbhoney activity, adbhoney honeypot, application layer protocol, asia, attack, australia, authentication attack, authentication failure, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempt, china, cisco attack, cisco device, cisco device targeting, cisco exploitation attempt, cisco exploitation attempts, cn, command and control, communication protocol, connected devices, conpot activity, conpot honeypot, cowrie, cowrie activity, cowrie attack, cowrie honeypot, cowrie ssh attacks, credential access, credential guessing, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, database attack, database probing, database security, database servers, ddos, ddos attack, decoy system, denial of service, device management, digital ocean, dionaea, dionaea activity, dionaea attack, dionaea capture, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, enterprise networking, exploit, exploit attempt, exploitation activity, exploitation attempt, exploitation attempts, exploited host, fatt, ftp, ftp brute force, ftp brute-force, github, groups, hacking, heralding behavior, honeytrap activity, honeytrap honeypot, http brute force, http scanner, https, ics security, identity & access exploitation, imap, index, indicator, industrial control systems, industrial iot, information technology, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney honeypot, lamp, lamp attack, lamp stack attack, lamp stack targeting, lamp vulnerability scan, lateral movement, lateral movement attempt, mailoney activity, mailoney honeypot, malicious activity, malicious network activity, malicious payload, malicious payload attempt, malicious payload detection, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware delivery, malware propagation, network, network devices, network infrastructure, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, north america, oceania, p0f, password attack, password attacks, phishing, phishing attack, phishing trapping of death, possible malware infection, potential malicious activity, process injection, protocol exploitation, python, ransomware, reconnaissance, redis honeypot, redishoneypot activity, remote services, researched, resource hijacking, scanner, scanners, scanning activity, script, scripting attacks, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer sip attacks, service scan, sftp, sftp access attempts, sftp activity, sftp attack, sftp attempt, sftp exploitation attempt, sip, sip brute force, sip scan, sip scanning, sip vulnerability scan, slug, smart devices, smtp, smtp brute force, smtp probing, social engineering, spam, ssh, ssh attack, ssh monitoring, surface web, system access, t1021, t1021.004, t1021.006, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071.001, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, tanner interactions, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, tpotce, unauthorized login, united states, voip, voip attack, voip attacks, vulnerability scan, web application attack, web application attacks, web application scan, web attack, web exploit, web exploitation, web server probing, web servers, web spam, web traffic

Activity Timeline

1 total observation (Apr 7 to Apr 7)

Threat Activity Heatmap

Peak: 2026-04-07
[Calendar heatmap, Jun through the following Jun, Mon/Wed/Fri rows; only the peak date is recoverable from the page.]

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 54 (Signal Score)
Confidence: 54%
Reports: 11
First seen: Oct 29, 2024
Last seen: Apr 7, 2026
Geolocation: CN
Country: China
Location: Jinrongjie, Beijing
ASN: AS4808
Org: Beijing Qihu Technology Company Limited
Coords: 34.7732, 113.7220

VirusTotal: Not checked

WHOIS

description
2025-02-02T06:21:57.211Z Honeypot : Tanner : Source: 101.199.254.205 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': 'd801aaf9-2ede-4286-a8e0-70111261cc87'}}}
raw
inetnum: 101.198.0.0 - 101.199.255.255
netname: QIHOO
descr: Beijing Qihu Technology Company Limited
descr: 112 Room, D buliding , Deshengyuan square,
descr: No.28 xinjiekouwaiwai,Xicheng District
descr: Beijing,China
country: CN
admin-c: JF855-AP
tech-c: HZ2338-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-QIHOO-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:51:53Z
source: APNIC

irt: IRT-QIHOO-CN
address: 112 Room, D buliding , Deshengyuan square,
address: No.28 xinjiekouwaiwai,Xicheng District Beijing,China
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: JF855-AP
tech-c: HZ2338-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-08-24T03:23:36Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Hu Zhenyong
address: 112 Room, D buliding , Deshengyuan square,
address: No.28 xinjiekouwaiwai,Xicheng District Beijing,China
country: CN
phone: +86-010-58781000
e-mail: [email protected]
nic-hdl: HZ2338-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2012-10-09T07:00:01Z
source: APNIC

person: Jiang Fan
address: 112 Room, D buliding , Deshengyuan square,
address: No.28 xinjiekouwaiwai,Xicheng District Beijing,China
country: CN
phone: +86-010-58781000
e-mail: [email protected]
nic-hdl: JF855-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2012-10-09T07:00:01Z
source: APNIC
references
https://github.com/telekom-security/tpotce

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 11 threat reports