IP · Medium · Signal 73/100
120.0.52.24
Location
Shijiazhuang, HE
ASN
AS4837
China Unicom China169 Network
First Seen
Jan 21, 2022
Last Seen
Jan 28, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Network Information
Country
China
Region
Shijiazhuang, HE
ASN
AS4837
Organization
China Unicom China169 Network
Feed Intelligence Summary
Source reports
11
Confidence score
73%
Category tags
abuse, access, active scanning, asia, attack, auto-generated security, botnet, brute force, brute force attack, brute force attempts, china, cisco device, cisco device targeting, cn, command and control, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, decoy system, device management, distributed attacks, email, enterprise networking, ftp brute force, github, groups, hacking, honeytrap honeypot, http brute force, indicator, lamp, lamp stack targeting, lateral movement, mailoney honeypot, malicious activity, malicious payload detection, malicious software, malware, network, network enumeration, network infrastructure, network scanning, password attacks, phishing, phishing attack, phishing trap, possible botnet activity, possible exploit attempt, potential exploit activity, potential malicious activity, process injection, python, reconnaissance, researched, scanner, script, service enumeration, sftp, sftp attack, slug, smtp brute force, social engineering, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.004, t1041, t1046, t1055, t1059, t1059.004, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat detection, unauthorized access, unauthorized access attempts, unidentified attacker
Activity Timeline
Jan 28
Threat Activity Heatmap
Peak: 2026-01-28
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
73 (High Risk)
Geolocation
CN
Coords
39.0728, 114.8731
VirusTotal
Not checked
WHOIS
- description
- Unknown source type: h0neytr4p
- raw
- inetnum: 120.0.0.0 - 120.15.255.255
  netname: UNICOM-HE
  descr: China Unicom Heibei Province Network
  descr: China Unicom
  country: CN
  admin-c: CH1302-AP
  tech-c: KL984-AP
  abuse-c: AC1718-AP
  status: ALLOCATED PORTABLE
  remarks: service provider
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CNCGROUP-HE
  mnt-routes: MAINT-CNCGROUP-RR
  mnt-irt: IRT-CU-CN
  last-modified: 2025-01-22T13:07:17Z
  source: APNIC

  irt: IRT-CU-CN
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-02-24
  mnt-by: MAINT-CNCGROUP
  last-modified: 2025-02-24T06:16:57Z
  source: APNIC

  role: ABUSE CUCN
  country: ZZ
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  nic-hdl: AC1718-AP
  remarks: Generated from irt object IRT-CU-CN
  remarks: [email protected] was validated on 2025-02-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-02-24T06:17:45Z
  source: APNIC

  person: ChinaUnicom Hostmaster
  nic-hdl: CH1302-AP
  e-mail: [email protected]
  address: No.21,Jin-Rong Street
  address: Beijing,100033
  address: P.R.China
  phone: +86-10-66259764
  fax-no: +86-10-66259764
  country: CN
  mnt-by: MAINT-CNCGROUP
  last-modified: 2017-08-17T06:13:16Z
  source: APNIC

  person: Kong Lingfei
  nic-hdl: KL984-AP
  e-mail: [email protected]
  address: 45, Guang An Street, Shi Jiazhuang City, HeBei Province,050011,CN
  phone: +86-311-86681601
  fax-no: +86-311-86689210
  country: cn
  mnt-by: MAINT-CNCGROUP-HE
  last-modified: 2009-02-06T02:31:32Z
  source: APNIC

  route: 120.0.0.0/12
  descr: China Unicom China169 Network
  country: CN
  origin: AS4837
  mnt-by: MAINT-CNCGROUP-RR
  last-modified: 2017-05-05T06:28:01Z
  source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 4 years ago · Last seen 4 months ago
Appeared in 11 threat reports