IOC Radar
Type: IPv4 · Risk: Medium · Signal: 51/100

Indicator: 106.227.87.29

Location: Jiaxing, Jiangxi, China
ASN: AS149837 (Chinanet JX)
First Seen: Dec 28, 2024 (532d ago)
Last Seen: Jun 2, 2026 (11d ago)
Reports: 20 source reports
Confidence: 51% (medium)
VirusTotal: 1/91 detections
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 51%
Signal Score: 51 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 56 techniques

Network Information

Country: CN (China)
Region: Jiaxing, Jiangxi
ASN: AS149837
Organization: Chinanet JX

Feed Intelligence Summary

Source reports: 20
Confidence score: 51%
Category tags

Activity Timeline

1 total observation (Jun 2)

Threat Activity Heatmap

[Weekly activity heatmap, Jun through Jun · Peak: 2026-06-02]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address with a threat score of 50.896, represents a significant and active threat to organizational security. Its high score and lack of whitelisting indicate a strong association with malicious activities such as persistent brute-force attacks targeting various services and widespread network scanning for vulnerabilities. If left unaddressed, connections to or from this IP could facilitate unauthorized access, lead to sensitive data exfiltration, or d…

Threat Score: 51 (Medium Risk)
Signal Score: 51
Confidence: 51%
Reports: 20
First seen: Dec 28, 2024
Last seen: Jun 2, 2026
Geolocation: CN
Country: China
Location: Jiaxing, Jiangxi
ASN: AS149837
Org: Chinanet JX
Coords: 28.6742, 115.9100

VirusTotal

1 / 91 vendors flagged (1% detection rate, as of Jun 3, 2026)

WHOIS

Description: Distributed Password cracking attempts in Microsoft Entra ID involving multiple users from CN
References:
https://github.com/telekom-security/tpotce
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 20 threat reports