IPMediumSignal 86/100

`120.71.7.15`

Location

China

Xingfulu, Xinjiang

ASN

AS137695

Chinanet XJ

First Seen

Jul 1, 2025

Last Seen

May 27, 2026

Jul 1

First Seen

344d ago

May 27

Last Seen

15d ago

Reports

source reports

86%

Confidence

medium

1/91

VirusTotal

detections

Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

86%

Signal Score

86 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

65 techniques

Network Information

Country

China

RegionXingfulu, Xinjiang

ASNAS137695

OrganizationChinanet XJ

IP Category

⟲

Proxy

Proxy server

⊕

VPN

VPN exit node

Feed Intelligence Summary

17 reports86% confidence

Source reports

86%

Confidence score

Category tags

abuseaccess controlactive scanactive scanninganomalous network connectionsapacheapache attacksapache vulnerability scanningasiaattackattack campaignaustraliaauthenticationauthentication attackauthentication attacksauthentication brute forceautomated attackautomated attacksbad reputationbad web botblock listblock.txtblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2c2 communicationchinachina mobilecisco devicecisco exploitation attemptcncolumnscommand & controlcommand and controlcommunication protocolcompany limitedcompromise assessmentcompromised hostcompromised systemscowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcredentialsdaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedenial-of-service attemptdevice managementdionaea honeypotdionaea interactionsdistributed attacksenterprise networkingenumerationeuropeexecutable fileexfiltrationexploitexploitation activityexploitation attemptsexploited hostfattfatt signaturesfinlandfrancefraud ordersfraud voipftpftp brute forceftp brute-forcegb-originating attackgermanyhackinghk abusehandlerhoneynet connecthoneytrap honeypothoneytrap interactionshong konghttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghurricane usidentity & access exploitationindicatorindonesiainformation technologyinitial accessinjection activityinjection attacksiociot securityiot targetedit infrastructurelamplamp exploitation attemptlamp server targetinglateral movementlogin attacklogin attemptmailmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious ip activitymalicious loginmalicious script executionmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware distributionmod securitymodsecurity alertsmodsecurity attacksnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnorth americaoceaniaopen proxyp0fp0f signaturespassword attackpassword attackspassword crackingpgp signphishingphishing attackphishing trapping of deathpolandpossible botnet activitypossible malware distributionprocess injectionprotocol exploitationproxyransomwarereconnaissancereconnaissance activityremote accessremote servicesresearchedresource hijackingscams & fraudscanscannerscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer interactionsservice scansftp access attemptsftp attacksmb brute forcesmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh monitoringsuricata alertst-pott1003t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1076t1078t1078.002t1078.003t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1497t1499.001t1499.002t1499.003t1550t1555t1555.003t1563t1565t1566.001t1566.002t1566.003t1573t1573.001t1589t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat preventiontimeouttop10.txttopips.txttor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized login attemptunited kingdomunited statesus abuseus nonevoipvoip attackvpnvpn ipvulnerability scanweb application attackweb attacksweb brute forceweb exploitationweb spamweb trafficwordpress brute force

Activity Timeline

1 total obs

May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

86%

Confidence

Reports

First seenJul 1, 2025

Last seenMay 27, 2026

GeolocationCN

CountryChina

LocationXingfulu, Xinjiang

ASNAS137695

OrgChinanet XJ

Coords34.7732, 113.7220

ProxyVPN

VirusTotal

1/ 91vendors flagged

1% detection rateJun 8, 2026

WHOIS

description: Honeypot
raw: inetnum: 120.68.0.0 - 120.71.255.255 netname: CHINANET-XJ descr: CHINANET Xinjiang province network descr: Data Communication Division descr: China Telecom country: CN admin-c: CH93-AP tech-c: IC83-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET mnt-lower: MAINT-CN-CHINANET-XINJIANG mnt-routes: MAINT-CHINANET mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:06:12Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: IPMASTER CHINANET-GD nic-hdl: IC83-AP e-mail: [email protected] address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU phone: +86-20-87189274 fax-no: +86-20-87189274 country: CN mnt-by: MAINT-CHINANET-GD remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected] abuse-mailbox: [email protected] last-modified: 2021-05-12T09:06:58Z source: APNIC
references: https://github.com/telekom-security/tpotce, https://redpiranha.net, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://jamesbrine.com.au/bruteforce-ip-list-2025-09-26/, https://jamesbrine.com.au, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-24/, https://jamesbrine.com.au/bruteforce-ip-list-2025-09-11/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

`120.71.7.15`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy