IOC Radar
IPHighVerifiedSignal 69/100

120.221.12.133

Location
ChinaChina
Qingdao, SD
ASN
AS9808
China Mobile
First Seen
Apr 7, 2026
Last Seen
Apr 24, 2026
Apr 7
First Seen
67d ago
Apr 24
Last Seen
50d ago
5
Reports
source reports
69%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

3 techniques

Network Information

CountryCNChina
RegionQingdao, SD
ASNAS9808
OrganizationChina Mobile

Feed Intelligence Summary

5 reports69% confidence
5
Source reports
69%
Confidence score
Category tags
active scanactive scanningasiabrute forcebrute force attackerbrute-forcebruteforcechinaindicatormssqlnetworkportscanreconnaissanceresearchedscannerscannersservice scant1595.001t1595.002t1595.003vultr

Activity Timeline

1 total obs
Apr 24Apr 24

Threat Activity Heatmap

· Peak: 2026-04-24
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
5
Reports
First seenApr 7, 2026
Last seenApr 24, 2026
Verified IOC
GeolocationCN
CountryChina
LocationQingdao, SD
ASNAS9808
OrgChina Mobile
Coords36.0986, 120.3719

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force MSSQL on Vultr Tokyo (Japan) honeypot
raw
inetnum: 120.192.0.0 - 120.255.255.255 netname: CMNET descr: China Mobile Communications Corporation descr: Mobile Communications Network Operator in China descr: Internet Service Provider in China country: CN org: ORG-CM1-AP admin-c: ct74-AP tech-c: HL1318-AP abuse-c: AC2006-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CN-CMCC mnt-routes: MAINT-CN-CMCC mnt-irt: IRT-CHINAMOBILE-CN last-modified: 2020-07-15T13:10:01Z source: APNIC irt: IRT-CHINAMOBILE-CN address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CT74-AP tech-c: CT74-AP auth: # Filtered remarks: [email protected] was validated on 2026-03-23 mnt-by: MAINT-CN-CMCC last-modified: 2026-03-23T00:47:53Z source: APNIC organisation: ORG-CM1-AP org-name: China Mobile org-type: LIR country: CN address: 29, Jinrong Ave. phone: +86-10-5268-6688 fax-no: +86-10-5261-6187 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2023-09-05T02:14:48Z source: APNIC role: ABUSE CHINAMOBILECN country: ZZ address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 phone: +000000000 e-mail: [email protected] admin-c: CT74-AP tech-c: CT74-AP nic-hdl: AC2006-AP remarks: Generated from irt object IRT-CHINAMOBILE-CN remarks: [email protected] was validated on 2026-03-23 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2026-03-23T00:48:02Z source: APNIC role: chinamobile tech address: 29, Jinrong Ave.,Xicheng district address: Beijing country: CN phone: +86 5268 6688 fax-no: +86 5261 6187 e-mail: [email protected] admin-c: HL1318-AP tech-c: HL1318-AP nic-hdl: ct74-AP notify: [email protected] mnt-by: MAINT-cn-cmcc abuse-mailbox: [email protected] last-modified: 2016-11-29T09:37:27Z source: APNIC person: haijun li nic-hdl: HL1318-AP e-mail: [email protected] address: 29,Jinrong Ave, Xicheng district,beijing,100032 phone: +86 1052686688 fax-no: +86 10 52616187 country: CN mnt-by: MAINT-CN-CMCC abuse-mailbox: [email protected] last-modified: 2016-11-29T09:38:38Z source: APNIC route: 120.192.0.0/11 descr: China Mobile communications corporation origin: AS9808 mnt-by: MAINT-CN-CMCC last-modified: 2008-11-05T07:31:17Z source: APNIC
references
https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-15/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 2 months ago · Last seen 1 month ago
Appeared in 5 threat reports