IP · Medium · Signal 62/100
117.156.112.96
Location: Guangzhou, Guangdong
ASN: AS9808 (China Mobile)
First Seen: Feb 22, 2024 (840d ago)
Last Seen: May 30, 2026 (12d ago)
Reports: 26 source reports
Confidence: 62% (medium)
VirusTotal: 8/91 detections
Found in 26 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
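The record fields above (address, first/last seen, a 0-100 confidence, report count, the IDS flag and the ASN) map directly onto the STIX 2.1 bundle the Export section offers, and onto a single MISP attribute. The following is an added example, not the site's own export code; it uses only the Python standard library and assumes a 90-day validity window after the last sighting and the ip-src/to_ids mapping noted in the comments.

```python
"""Serialize the IP record above as a STIX 2.1 bundle and a MISP attribute (stdlib only)."""
import json
import uuid
from datetime import datetime, timedelta, timezone

# Field values copied from the record on this page.
RECORD = {
    "value": "117.156.112.96",
    "first_seen": "2024-02-22",
    "last_seen": "2026-05-30",
    "confidence": 62,        # the page's heuristic confidence, 0-100
    "reports": 26,
    "ids_rule": False,       # "IDS Rule: No"
    "asn": 9808,
    "org": "China Mobile",
}

# Assumption (not from the page): how long an indicator stays valid after its
# last sighting before it must be re-verified. Set this to match your feed policy.
VALID_FOR = timedelta(days=90)

# Namespace the STIX 2.1 specification prescribes for deterministic SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def _parse_day(date_str: str) -> datetime:
    return datetime.strptime(date_str, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def _stix_ts(dt: datetime) -> str:
    """STIX timestamp: RFC 3339 UTC with millisecond precision and a trailing Z."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def sco_id(obj_type: str, contributing: dict) -> str:
    """Deterministic SCO id: UUIDv5 over the ID-contributing properties, as STIX 2.1 specifies."""
    name = json.dumps(contributing, separators=(",", ":"), sort_keys=True)
    return f"{obj_type}--{uuid.uuid5(STIX_SCO_NAMESPACE, name)}"


def build_bundle(rec: dict, ttl: timedelta = VALID_FOR) -> dict:
    now = _stix_ts(datetime.now(timezone.utc))
    as_obj = {
        "type": "autonomous-system", "spec_version": "2.1",
        "id": sco_id("autonomous-system", {"number": rec["asn"]}),
        "number": rec["asn"], "name": rec["org"],
    }
    ip_obj = {
        "type": "ipv4-addr", "spec_version": "2.1",
        "id": sco_id("ipv4-addr", {"value": rec["value"]}),
        "value": rec["value"], "belongs_to_refs": [as_obj["id"]],
    }
    valid_from = _parse_day(rec["first_seen"])
    # Validity runs from the first sighting to the end of the last-seen day plus the TTL.
    valid_until = _parse_day(rec["last_seen"]) + timedelta(days=1) - timedelta(milliseconds=1) + ttl
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now, "modified": now,
        "name": f"Reported attacker IP {rec['value']}",
        "description": f"Seen in {rec['reports']} source reports; heuristic confidence, verify before blocking.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{rec['value']}']",
        "pattern_type": "stix",
        "valid_from": _stix_ts(valid_from),
        "valid_until": _stix_ts(valid_until),
        "confidence": rec["confidence"],   # STIX confidence is an integer 0-100, the page's scale
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [ip_obj, as_obj, indicator]}


def is_active(bundle: dict, on_day: str) -> bool:
    """True if the bundle's indicator is inside its validity window on the given YYYY-MM-DD day."""
    ind = next(o for o in bundle["objects"] if o["type"] == "indicator")
    when = _parse_day(on_day)
    until = datetime.fromisoformat(ind["valid_until"].replace("Z", "+00:00"))
    return _parse_day(ind["valid_from"][:10]) <= when < until


def misp_attribute(rec: dict) -> dict:
    """Equivalent MISP attribute. Assumed mapping: attacker address -> ip-src, and the page's
    'IDS Rule' flag -> to_ids (whether the attribute should be pushed to IDS exports)."""
    return {
        "type": "ip-src",
        "category": "Network Activity",
        "value": rec["value"],
        "to_ids": rec["ids_rule"],
        "comment": f"{rec['reports']} reports, confidence {rec['confidence']}%",
    }


if __name__ == "__main__":
    print(json.dumps(build_bundle(RECORD), indent=2))
```

The SCO identifiers are reproducible across runs (UUIDv5 over the contributing properties), so re-exporting the same address does not create duplicate objects in a downstream TAXII collection; only the indicator and bundle get fresh UUIDv4 ids.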
Threat Context
Tags and MITRE ATT&CK TTPs: listed under the category tags below (the ATT&CK technique IDs appear there as t-numbers).
Network Information
Country: China
Region: Guangzhou, Guangdong
ASN: AS9808
Organization: China Mobile
Feed Intelligence Summary
Source reports: 26
Confidence score: 62%
Category tags
abuse, abuseipdb, access attempt, access control, account discovery, account profiling, account takeover, ack scan, active scan, active scanning, apt, asia, atif feed, attack, attacker-ip, australia, authentication, authentication abuse, authentication attack, authentication attacks, auto-generated security, bad reputation, bad web bot, banlist feed, binary defense, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute-force, bruteforce,
c2 communication, china, cisco, cisco device, cn, command & control, command and control, command injection, communication protocol, compromised credentials, compromised host, cowrie, cowrie honeypot, cowrie interactions, credential access, credential attack, credential harvesting, credential stuffing, cta,
data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attack indicators, decoy system, denial of service, device management, dionaea, dionaea honeypot, dionaea interactions, dionaea payloads, distributed attacks, dns, dns attack,
encryption, enterprise networking, enumeration, europe, exploit, exploit attempts, exploit kit activity, exploitation activity, exploitation attempt, exploited host, external scan, external threat,
failed logins, fatt, fatt detections, fatt signatures, fin scan, finland, firewall detection, france, ftp, ftp brute force, germany, hacking, honeynet connect, honeytrap events, honeytrap honeypot, honeytrap interactions, http attack, http brute force, http probing, http scanner, https,
identity & access exploitation, india, indicator, infrastructure acquisition reconnaissance, initial access, injection activity, injection attacks, internal scan, internet-facing, ioc, lamp, lamp server targeting, lateral movement, login attempt, login attempts,
mailoney events, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious login, malicious script execution, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malware, malware behaviour, malware capture, malware delivery attempt, malware distribution, manual, masscan activity,
network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network mapping, network protocol, network reconnaissance, network scanning, network security, network service scanning, nmap scan detected, north america, null scan, oceania, opencti, os fingerprinting,
p0f, p0f signatures, password attack, password attacks, phishing, phishing attack, phishing trapping of death, poland, possible vulnerability probing, potential botnet activity, potential exploit targeting, potential reconnaissance activity, potential vulnerability probing, process injection, protocol exploitation,
ransomware, ransomware activity, reconnaissance, reconnaissance activity, remote access, remote access attack, remote services, researched, resource hijacking,
scanner, scanners, scanning activity, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer events, sentrypeer interactions, server exploitation, service discovery, service scan, service version detection, sftp, sftp access attempt, sftp attack, smb brute force, smtp, smtp attack, smtp brute force, smtp probing, social engineering, socradar honeypot, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh monitoring, stealth scan, suricata alerts, sweep scan, syn scan,
t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.002, t1078.003, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1550, t1563, t1565, t1566.001, t1566.002, t1566.003, t1567, t1573, t1573.001, t1587.001, t1588.004, t1589, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner events, tanner interactions, targeting database, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, united kingdom, united states, vnc protocol, voidtrap, voip, voip attack, vulnerability scan, web app attack, web application attack, web application attacks, web exploitation, web spam, web traffic, xmas scan
The tag cloud is the union of labels from many source feeds, so it mixes honeypot sensor names (cowrie, dionaea, honeytrap, mailoney, tanner, sentrypeer, tpot), behaviour labels and ATT&CK technique IDs. Note that t1076 and t1077 are retired ATT&CK IDs (folded into t1021.001 and t1021.002), so at least one feed tags against an outdated ATT&CK version; the recurring theme across the labels is credential brute force against SSH/FTP/SMTP/HTTP and port scanning, not a specific campaign.
Activity Timeline: May 30
Threat Activity Heatmap · Peak: 2026-05-30 (calendar heatmap not reproduced)
Activity by window
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 62 (Medium Risk)
Signal Score: 62
Confidence: 62%
Reports: 26
First seen: Feb 22, 2024
Last seen: May 30, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS9808
Org: China Mobile
Coords: 34.7732, 113.7220 (these coordinates fall in Henan, roughly 1,300 km north of Guangzhou; geolocation of mobile-carrier CMNET address space is coarse, so treat the city-level location as approximate and rely on the ASN instead)
WHOIS
- description: BruteForce_Attack
- raw (e-mail addresses are masked as [email protected] in the page's extraction):
  inetnum: 117.144.0.0 - 117.159.255.255
  netname: CMNET
  descr: China Mobile Communications Corporation
  descr: Mobile Communications Network Operator in China
  descr: Internet Service Provider in China
  country: CN
  org: ORG-CM1-AP
  admin-c: ct74-AP
  tech-c: HL1318-AP
  abuse-c: AC2006-AP
  status: ALLOCATED PORTABLE
  remarks: service provider
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CN-CMCC
  mnt-routes: MAINT-CN-CMCC
  mnt-irt: IRT-CHINAMOBILE-CN
  last-modified: 2025-12-05T04:13:54Z
  source: APNIC

  irt: IRT-CHINAMOBILE-CN
  address: China Mobile Communications Corporation
  address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CT74-AP
  tech-c: CT74-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2026-03-23
  mnt-by: MAINT-CN-CMCC
  last-modified: 2026-03-23T00:47:53Z
  source: APNIC

  organisation: ORG-CM1-AP
  org-name: China Mobile
  org-type: LIR
  country: CN
  address: 29, Jinrong Ave.
  phone: +86-10-5268-6688
  fax-no: +86-10-5261-6187
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2023-09-05T02:14:48Z
  source: APNIC

  role: ABUSE CHINAMOBILECN
  country: ZZ
  address: China Mobile Communications Corporation
  address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
  phone: +000000000
  e-mail: [email protected]
  admin-c: CT74-AP
  tech-c: CT74-AP
  nic-hdl: AC2006-AP
  remarks: Generated from irt object IRT-CHINAMOBILE-CN
  remarks: [email protected] was validated on 2026-03-23
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2026-03-23T00:48:02Z
  source: APNIC

  role: chinamobile tech
  address: 29, Jinrong Ave.,Xicheng district
  address: Beijing
  country: CN
  phone: +86 5268 6688
  fax-no: +86 5261 6187
  e-mail: [email protected]
  admin-c: HL1318-AP
  tech-c: HL1318-AP
  nic-hdl: ct74-AP
  notify: [email protected]
  mnt-by: MAINT-cn-cmcc
  abuse-mailbox: [email protected]
  last-modified: 2016-11-29T09:37:27Z
  source: APNIC

  person: haijun li
  nic-hdl: HL1318-AP
  e-mail: [email protected]
  address: 29,Jinrong Ave, Xicheng district,beijing,100032
  phone: +86 1052686688
  fax-no: +86 10 52616187
  country: CN
  mnt-by: MAINT-CN-CMCC
  abuse-mailbox: [email protected]
  last-modified: 2016-11-29T09:38:38Z
  source: APNIC

  route: 117.156.0.0/15
  descr: China Mobile communications corporation
  origin: AS9808
  mnt-by: MAINT-CN-CMCC
  last-modified: 2008-09-04T07:55:15Z
  source: APNIC
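The raw WHOIS above is RPSL text: blank-line-separated objects of `attribute: value` lines, with repeated attributes, and with the inetnum's mnt-irt pointing at the irt object that carries the abuse mailbox (the remarks say as much: "To report network abuse, please contact mnt-irt"). The parser below is an added example, not code from this page or from APNIC; it answers the responder's questions from that text: which allocation and route cover the address, which AS originates it, and which abuse mailbox to use. It runs over a trimmed copy of the page's WHOIS, with the e-mail addresses left masked exactly as the page shows them.

```python
"""Parse RPSL-style WHOIS output and locate the allocation, route, origin AS
and abuse contact that cover a given IPv4 address (stdlib only)."""
import ipaddress
from typing import Dict, List, Optional

# Trimmed copy of the WHOIS text on this page (inetnum, irt and route objects).
# The e-mail addresses are masked in the page's extraction and are kept that way here.
WHOIS_RAW = """\
inetnum: 117.144.0.0 - 117.159.255.255
netname: CMNET
descr: China Mobile Communications Corporation
descr: Mobile Communications Network Operator in China
country: CN
org: ORG-CM1-AP
abuse-c: AC2006-AP
status: ALLOCATED PORTABLE
remarks: To report network abuse, please contact mnt-irt
mnt-by: APNIC-HM
mnt-irt: IRT-CHINAMOBILE-CN
source: APNIC

irt: IRT-CHINAMOBILE-CN
address: China Mobile Communications Corporation
address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
remarks: [email protected] was validated on 2026-03-23
mnt-by: MAINT-CN-CMCC
source: APNIC

route: 117.156.0.0/15
descr: China Mobile communications corporation
origin: AS9808
mnt-by: MAINT-CN-CMCC
source: APNIC
"""


def parse_rpsl(text: str) -> List[Dict[str, List[str]]]:
    """Split WHOIS text into objects (separated by blank lines) mapping attribute -> [values].
    Repeated attributes (descr, address, remarks) stay as lists; a line that starts with
    whitespace is an RPSL continuation of the previous value."""
    objects, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
            current, last_key = {}, None
            continue
        if line[0].isspace() and last_key:
            current[last_key][-1] += " " + line.strip()
            continue
        key, _, value = line.partition(":")
        key = key.strip().lower()
        current.setdefault(key, []).append(value.strip())
        last_key = key
    if current:
        objects.append(current)
    return objects


def first(obj: Dict[str, List[str]], key: str) -> Optional[str]:
    return obj.get(key, [None])[0]


def inetnum_to_networks(rng: str) -> List[ipaddress.IPv4Network]:
    """'a.b.c.d - w.x.y.z' -> the CIDR blocks that exactly cover that range."""
    lo, hi = (ipaddress.IPv4Address(p.strip()) for p in rng.split("-"))
    return list(ipaddress.summarize_address_range(lo, hi))


def lookup(text: str, ip: str) -> Dict[str, Optional[str]]:
    """Find the inetnum and route objects covering ip, the originating AS, and the abuse
    mailbox of the irt object that the covering inetnum references through mnt-irt."""
    addr = ipaddress.IPv4Address(ip)
    objs = parse_rpsl(text)
    result = {"inetnum": None, "irt": None, "route": None, "origin": None, "abuse_mailbox": None}
    for o in objs:
        if "inetnum" in o and any(addr in n for n in inetnum_to_networks(first(o, "inetnum"))):
            result["inetnum"] = first(o, "inetnum")
            result["irt"] = first(o, "mnt-irt")
        elif "route" in o and addr in ipaddress.IPv4Network(first(o, "route")):
            result["route"] = first(o, "route")
            result["origin"] = first(o, "origin")
    for o in objs:
        if "irt" in o and first(o, "irt") == result["irt"]:
            result["abuse_mailbox"] = first(o, "abuse-mailbox")
    return result


if __name__ == "__main__":
    for k, v in lookup(WHOIS_RAW, "117.156.112.96").items():
        print(f"{k}: {v}")
```

Matching on the covering inetnum rather than on the first object in the reply matters on real WHOIS output, where a referral can return the parent /12 allocation, a more-specific assignment, and several unrelated contact objects in one response; the abuse mailbox taken from the irt object is the one the registry has validated (the "was validated on" remark), which is the address an abuse report should go to.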
- references:
  - https://purplesynapz.com/
  - https://redpiranha.net
  - https://voidvendor.com/intel
  - https://github.com/telekom-security/tpotce
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
  - https://github.com/tankmek/threatfeed
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
Export & API: STIX 2.1 Bundle · CSV Export · Permalink
IOC Journey
medium · First detected 2 years ago · Last seen 12 days ago · Appeared in 26 threat reports