IPMediumSignal 51/100
117.156.56.7
Location
ChinaGuangzhou, Guangdong
ASN
AS9808
China Mobile
First Seen
Sep 11, 2022
Last Seen
May 29, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionGuangzhou, Guangdong
ASNAS9808
OrganizationChina Mobile
Feed Intelligence Summary
19 reports51% confidence
19
Source reports
51%
Confidence score
Category tags
abuseaccessaccess controlactionactive scanactive scanningadbhoney honeypotaptasiaattackaustraliaauthentication abuseauthentication attemptsauto-generated securityautomated attacksautomated threatbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptsbrute-forcebrute-force attackc2c2 communicationchinacisco devicecisco exploitation attemptcisco exploitation attemptscncommand & controlcommand and controlcommunication protocolcompromised credentialscompromised devicecompromised hostcompromised systemconfigconnectconpot honeypotcowriecowrie attackscowrie honeypotcowrie interactionscowrie ssh logscredential accesscredential attackscredential brute forcecredential harvestingcredential stuffingcssdata exfiltrationdata store exposuredatabase securityddosddos attackddos participationdecoy systemdenial of servicedevice managementdigital oceandionaeadionaea activitydionaea attacksdionaea honeypotdistributed attacksemailenterprise networkingexecutable fileexploitexploit activityexploit attemptexploit attemptsexploit probingexploitationexploitation activityexploited hostexternal access attemptsfailed login attemptsfattfatt analysisftpftp attacksftp brute forceftp brute-forcegithubgroupshackinghoneytrap activityhoneytrap datahoneytrap honeypothttp scannerhttp scanninghttp/sics securityidentity & access exploitationindicatorindustrial control systemsinfoinfrastructure acquisitionreconnaissanceinjection activityintrusion detectioniot securityiot/ics attacklamplamp attacklamp exploit attemptlamp exploitation attemptslamp server attacklamp server targetinglamp stack attacklamp stack targetinglamp vulnerability scanlateral movementlateral movement techniqueslinuxlinux serverslinux systemsmailoney activitymailoney honeypotmalicious activitymalicious activity detectedmalicious domainmalicious login attemptsmalicious softwaremalwaremalware behaviourmalware capturemalware deliverymalware downloadmalware propagationmanualnetworknetwork activitynetwork discoverynetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork trafficnetwork traffic analysisoceaniaopenctip0fp0f signaturespassword attackpassword attacksphishingphishing attackphishing trappingping of deathpossible malware distributionpossible mirai variantpotential compromisepotential exploit attemptspotential intrusionprocess injectionprotocol abuseprotocol exploitationpythonreconnaissanceredis honeypotredishoneypotresearchedresource developmentresource hijackingscannerscannersscanning activityscriptscripting attackssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionserverservice scanservice scanningsftpsftp access attemptsftp access attemptssftp activitysftp attacksftp exploitation attemptsipsip attackssip brute forcesip scanningslugsmtpsmtp attackssocial engineeringsql injectionsshssh attackssh attacksssh monitoringsurface websuricata alertst-pott1016t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1059t1059.004t1059.007t1068t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588t1589t1590.001t1590.006t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottsecudp port scanunauthorized accessunauthorized access attemptvoipvoip attackvulnerability scanweb app attackweb application attackweb application scanningweb attackweb exploitationweb shell uploadsweb traffic
Activity Timeline
May 29May 29
Threat Activity Heatmap
· Peak: 2026-05-29LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
51
SIGNAL
Signal Score
51%
Confidence
19
Reports
First seenSep 11, 2022
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationGuangzhou, Guangdong
ASNAS9808
OrgChina Mobile
Coords34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=CN; ports=8441 Location=Sydney, Australia.
- raw
- inetnum: 117.128.0.0 - 117.191.255.255 netname: CMNET descr: China Mobile Communications Corporation descr: Mobile Communications Network Operator in China descr: Internet Service Provider in China country: CN org: ORG-CM1-AP admin-c: ct74-AP tech-c: HL1318-AP abuse-c: AC2006-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CN-CMCC mnt-routes: MAINT-CN-CMCC mnt-irt: IRT-CHINAMOBILE-CN last-modified: 2020-07-15T13:10:03Z source: APNIC irt: IRT-CHINAMOBILE-CN address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CT74-AP tech-c: CT74-AP auth: # Filtered remarks: [email protected] was validated on 2025-09-15 mnt-by: MAINT-CN-CMCC last-modified: 2025-09-15T02:19:35Z source: APNIC organisation: ORG-CM1-AP org-name: China Mobile org-type: LIR country: CN address: 29, Jinrong Ave. phone: +86-10-5268-6688 fax-no: +86-10-5261-6187 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2023-09-05T02:14:48Z source: APNIC role: ABUSE CHINAMOBILECN country: ZZ address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 phone: +000000000 e-mail: [email protected] admin-c: CT74-AP tech-c: CT74-AP nic-hdl: AC2006-AP remarks: Generated from irt object IRT-CHINAMOBILE-CN remarks: [email protected] was validated on 2025-09-15 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-09-15T02:20:13Z source: APNIC role: chinamobile tech address: 29, Jinrong Ave.,Xicheng district address: Beijing country: CN phone: +86 5268 6688 fax-no: +86 5261 6187 e-mail: [email protected] admin-c: HL1318-AP tech-c: HL1318-AP nic-hdl: ct74-AP notify: [email protected] mnt-by: MAINT-cn-cmcc abuse-mailbox: [email protected] last-modified: 2016-11-29T09:37:27Z source: APNIC person: haijun li nic-hdl: HL1318-AP e-mail: [email protected] address: 29,Jinrong Ave, Xicheng district,beijing,100032 phone: +86 1052686688 fax-no: +86 10 52616187 country: CN mnt-by: MAINT-CN-CMCC abuse-mailbox: [email protected] last-modified: 2016-11-29T09:38:38Z source: APNIC route: 117.156.0.0/15 descr: China Mobile communications corporation origin: AS9808 mnt-by: MAINT-CN-CMCC last-modified: 2008-09-04T07:55:15Z source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 16 days ago
Appeared in 19 threat reports