IOC Radar
IPMediumSignal 33/100

118.212.122.28

Location
ChinaChina
Nanchang, JX
ASN
AS4837
CNC Group CHINA169 Jiangxi Province Network
First Seen
Jan 29, 2024
Last Seen
May 27, 2026
Jan 29
First Seen
873d ago
May 27
Last Seen
23d ago
11
Reports
source reports
33%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
33%
Signal Score
33 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryCNChina
RegionNanchang, JX
ASNAS4837
OrganizationCNC Group CHINA169 Jiangxi Province Network

Feed Intelligence Summary

11 reports33% confidence
11
Source reports
33%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney honeypotasiaattackaustraliaauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute-forcechinacisco devicecisco exploitation attemptscncommand and controlcommunication protocolconpot honeypotcowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdevice managementdionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringenterprise networkingexploitexploitationexploitation activityexploited hostfattftpftp brute forcehackinghoneytrap datahoneytrap honeypothttp scannerhttp scanningics securityidentity & access exploitationindicatorindustrial control systemsinjection activityintrusion detectioniot securityiot/ics attacklamplamp stack attacklamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisoceaniap0fpassword attacksphishingphishing attackphishing trappossible mirai variantprocess injectionprotocol exploitationransomwarereconnaissanceremote servicesresearchedresource hijackingscannerscanning activitysensor-taggedsentrypeer botnetsentrypeer detectionservice scansftp activitysftp attacksip brute forcesip scanningsmtpsocradar honeypotssh attackssh monitoringt1021t1021.001t1040t1041t1046t1053.005t1055t1059t1059.004t1071.001t1078t1078.002t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1486t1496t1499.001t1499.002t1499.003t1565t1588t1588.002t1590.001t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanvoipvoip attackvulnerability scanweb app attackweb traffic

Activity Timeline

1 total obs
May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This IP address (118.212.122.28) is a highly suspicious Indicator of Compromise (IOC) with a score of 32.99, indicating a significant potential threat to organizational security. Its consistent appearance across numerous reputable threat intelligence feeds underscores its widespread recognition as a malicious entity. The associated attack patterns highlight its involvement in a broad spectrum of hostile activities, including extensive reconnaissance, attempts at credential access, lateral moveme…

Threat ScoreLow Risk
33
SIGNAL
Signal Score
33%
Confidence
11
Reports
First seenJan 29, 2024
Last seenMay 27, 2026
GeolocationCN
CountryChina
LocationNanchang, JX
ASNAS4837
OrgCNC Group CHINA169 Jiangxi Province Network
Coords27.1222, 114.9593

VirusTotal

Not checked

WHOIS

description
Unknown source type: miniprint
raw
inetnum: 118.212.0.0 - 118.212.255.255 netname: UNICOM-JX descr: China Unicom Jiangxi province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: CH1302-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-JX mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:20:05Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC route: 118.212.0.0/16 descr: CNC Group CHINA169 Jiangxi Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:55:11Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 23 days ago
Appeared in 11 threat reports