IOC Radar
IPMediumSignal 42/100

111.53.116.82

Location
ChinaChina
Liuxiang, SX
ASN
AS56042
China Mobile
First Seen
Oct 14, 2023
Last Seen
Jun 7, 2026
Oct 14
First Seen
971d ago
Jun 7
Last Seen
3d ago
12
Reports
source reports
42%
Confidence
medium
3/91
VirusTotal
detections
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

43 techniques

Network Information

CountryCNChina
RegionLiuxiang, SX
ASNAS56042
OrganizationChina Mobile

Feed Intelligence Summary

12 reports42% confidence
12
Source reports
42%
Confidence score
Category tags
abuseaccessaccess controlactive scanactive scanningapiasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-forcec2c2 communicationchinacisco devicecncommand & controlcommand and controlcommentcommunication protocolcompromised hostcowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos attacksddos preparationdecoy systemdevice managementdionaea honeypotdistributed attacksenterprise networkingexecutable fileexploitation activityexploited hostftp brute forcegroupshackinghoneytrap honeypothttp brute forcehunteridentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinitiator ipinjection activityinternet of thingsintrusion detectioniociot botnetiot securityiot targetediot/ics attacklamploginmailoney honeypotmalicious activitymalicious ipmalicious network activitymalicious payloadmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmanualmedia & entertainmentmiraimirai botnetnetworknetwork attacksnetwork infrastructurenetwork intrusionnetwork probingnetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysispassword attacksphishingphishing attackphishing trappngprocess injectionprotocol exploitationransomwarereconnaissanceremote service exploitationresearchedresponder ipscanscannerscriptsecurity policyserverservice scansftp attackslugsocial engineeringssh attackssh monitoringsurface webt1016t1016.001t1021.002t1021.004t1040t1041t1046t1047t1055t1056.001t1059t1059.001t1059.004t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1590.001t1595t1595.001t1595.002t1595.003tcptcp protocoltcp scantelecommunicationstelnettelnet threatthreatthreat actorthreat detectionthreat intelligencethreat preventiontor nodeudp scanunauthorized accessunauthorized access attemptsvalidatorvulnerability scan

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
42
SIGNAL
Signal Score
42%
Confidence
12
Reports
First seenOct 14, 2023
Last seenJun 7, 2026
GeolocationCN
CountryChina
LocationLiuxiang, SX
ASNAS56042
OrgChina Mobile
Coords35.0195, 110.9848

VirusTotal

3/ 91vendors flagged
3% detection rateJun 8, 2026

WHOIS

description
Connection lost after 13 seconds
raw
inetnum: 111.0.0.0 - 111.63.255.255 netname: CMNET descr: China Mobile Communications Corporation descr: Mobile Communications Network Operator in China descr: Internet Service Provider in China country: CN org: ORG-CM1-AP admin-c: ct74-AP tech-c: HL1318-AP abuse-c: AC2006-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CN-CMCC mnt-routes: MAINT-CN-CMCC mnt-irt: IRT-CHINAMOBILE-CN last-modified: 2020-07-15T13:10:04Z source: APNIC irt: IRT-CHINAMOBILE-CN address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CT74-AP tech-c: CT74-AP auth: # Filtered remarks: [email protected] was validated on 2025-03-07 mnt-by: MAINT-CN-CMCC last-modified: 2025-03-07T06:38:53Z source: APNIC organisation: ORG-CM1-AP org-name: China Mobile org-type: LIR country: CN address: 29, Jinrong Ave. phone: +86-10-5268-6688 fax-no: +86-10-5261-6187 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2023-09-05T02:14:48Z source: APNIC role: ABUSE CHINAMOBILECN country: ZZ address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 phone: +000000000 e-mail: [email protected] admin-c: CT74-AP tech-c: CT74-AP nic-hdl: AC2006-AP remarks: Generated from irt object IRT-CHINAMOBILE-CN remarks: [email protected] was validated on 2025-03-07 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-03-07T06:39:27Z source: APNIC role: chinamobile tech address: 29, Jinrong Ave.,Xicheng district address: Beijing country: CN phone: +86 5268 6688 fax-no: +86 5261 6187 e-mail: [email protected] admin-c: HL1318-AP tech-c: HL1318-AP nic-hdl: ct74-AP notify: [email protected] mnt-by: MAINT-cn-cmcc abuse-mailbox: [email protected] last-modified: 2016-11-29T09:37:27Z source: APNIC person: haijun li nic-hdl: HL1318-AP e-mail: [email protected] address: 29,Jinrong Ave, Xicheng district,beijing,100032 phone: +86 1052686688 fax-no: +86 10 52616187 country: CN mnt-by: MAINT-CN-CMCC abuse-mailbox: [email protected] last-modified: 2016-11-29T09:38:38Z source: APNIC route: 111.0.0.0/10 descr: China Mobile communications corporation origin: AS9808 mnt-by: MAINT-CN-CMCC last-modified: 2012-02-15T08:47:26Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, may_14_report-20240514085413-7941_0_Table_View_of_Connection_Events.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 3 days ago
Appeared in 12 threat reports