IP · Medium · Signal 31/100
101.30.12.143
Location
Chengde, BJ
ASN
AS4837
China Unicom Hebei Province Network
First Seen
Apr 7, 2025
Last Seen
Apr 5, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Chengde, BJ
ASN
AS4837
Organization
China Unicom Hebei Province Network
Feed Intelligence Summary
18 reports · 31% confidence
Category tags
abuse, access control, active scan, active scanning, apache, apache attacker, asia, attack, back orifice, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempt, china, command and control, communication protocol, communication technologies, credential access, credential stuffing, data exfiltration, data store expose, ddos, ddos attacks, decoy system, denial of service, distributed attacks, exploit attempts, exploitation activity, ftp brute force, gpon formlogin, hacking, http brute force, identity & access exploitation, indicator, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, lateral movement, malaysia, malicious activity, malicious software, malware, malware propagation, malware scanning, mirai botnet, mobile carriers, mobile networks, mozi, netgear dgn, network, network attacks, network probing, network scanning, network security, network service scanning, password attacks, process injection, protocol exploitation, ransomware, rce, reconnaissance, remote access, remote services, researched, scan, scanner, security policy, service scan, smtp brute force, socradar honeypot, sora, sql injection attempts, ssh attack, t1021, t1021.001, t1021.002, t1040, t1046, t1055, t1059, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1199, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1563, t1565, t1573, t1588, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention, tor node, udp amplification, zgrab
Activity Timeline
Apr 5
Threat Activity Heatmap
Peak: 2026-04-05
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat Score
Low Risk
31
SIGNAL
Signal Score
31%
Confidence
18
Reports
First seen
Apr 7, 2025
Last seen
Apr 5, 2026
Geolocation
CN
Country
China
Location
Chengde, BJ
ASN
AS4837
Org
China Unicom Hebei Province Network
Coords
39.9285, 116.3850
VirusTotal
Not checked
WHOIS
References
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7315383737553211392-8PBv?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
IOC Journey
Medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 18 threat reports