IOC Radar
IP · Medium · Signal 73/100

123.150.138.194

Location
China
Youyilu, Tianjin
ASN
AS17638
Chinanet TJ
First Seen
Jan 23, 2024 (885d ago)
Last Seen
Jun 11, 2026 (16d ago)
Reports
23 source reports
Confidence
73% (medium)
Found in 23 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 58 techniques

Network Information

Country: CN (China)
Region: Youyilu, Tianjin
ASN: AS17638
Organization: Chinanet TJ

Feed Intelligence Summary

23 source reports · 73% confidence score
Category tags
abuse, abuseipdb, access, access control, action, active scan, active scanning, adbhoney honeypot, american express, application layer protocol, apt, asia, atif feed, attack, attacker-ip, australia, auto-generated security, automated attack, bad reputation, bad web bot, banking, banlist feed, binary defense, blocklist_all, botnet, botnet activity, botnet activity detection, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute force ftp, brute force ssh, brute-force, c2 communication, china, cn, command & control, command and control, communication protocol, compromised credentials, compromised host, config, connect, conpot, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, credit card services, css, data exfiltration, data exfiltration attempt, data store exposure, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, dionaea, dionaea activity, dionaea honeypot, directory traversal, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, europe, executable file, exploit, exploit attempts, exploit kit activity, exploit: web application, exploitation activity, exploited host, finance, finance and insurance, financial services, financial technology, finland, france, ftp, ftp brute force, germany, github, groups, hacking, heralding activity, honeynet connect, honeytrap activity, honeytrap honeypot, http brute force, http request anomalies, http scanner, huawei, ics security, identity & access exploitation, indicator, industrial control systems, info, information technology, initial access, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, ipv4, irc, lamp, lamp exploit, lamp exploitation attempts, lamp server target, lamp stack targeting, lateral movement, linux, login attempt, mail service attack, mailoney activity, mailoney honeypot, malicious activity, malicious botnet activity, malicious email activity, malicious ip addresses, malicious login attempts, malicious network activity, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malware, malware behaviour,
malware capture, malware detection, malware distribution, malware filter list, malware hosting, mirai botnet, nation-state activity, network, network activity, network attacks, network enumeration, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service exploitation, network service scanning, north america, oceania, password attack, password attacks, password spraying, payment processing, phishing, phishing attack, phishing trapping, poland, possible exploit attempts, potential credential compromise, potential malicious activity, potential malware distribution, process injection, protocol exploitation, python, ransomware, reconnaissance, redis honeypot, redishoneypot, remote access, remote access attempts, remote services, researched, resource hijacking, rtbh, scan, scanner, scanning activity, script, scripting attacks, security operations, security policy, sentrypeer activity, sentrypeer botnet, server, service enumeration, service scan, sftp, sftp activity, sftp attack, sip, sip brute force, sip enumeration, sip scanning, sip vulnerability scanning, slug, smb brute force, smtp brute force, smtp probing, social engineering, spam, ssh, ssh attack, ssh monitoring, surface web,
t1003, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1040, t1041, t1046, t1053, t1053.005, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003,
tanner, targeting database, tcp protocol, tcp scan, telecommunication, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized network activity, unidentified attacker, united states, voidtrap, voip, voip attack, vulnerability scan, vulnerability-exploitation, wealth management, web app attack, web application attack, web attack, web exploitation, web scanner, web spam, web traffic, westpac new zealand

Activity Timeline

1 total observation (Jun 11 to Jun 11)

Threat Activity Heatmap (weekly grid, Jun through the following Jun) · Peak: 2026-06-11
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (73 SIGNAL)
Signal Score: 73%
Confidence: 23 reports
First seen: Jan 23, 2024
Last seen: Jun 11, 2026
Geolocation: CN
Country: China
Location: Youyilu, Tianjin
ASN: AS17638
Org: Chinanet TJ
Coords: 39.0851, 117.1990

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: abuseipdb, reported
raw
inetnum: 123.150.0.0 - 123.151.255.255
netname: CHINANET-TJ
descr: CHINANET TIANJIN PROVINCE NETWORK
descr: Tianjin Telecom Corporation
descr: NO.11 LIUJING ROAD,HEDONG DISTRICT,TIANJIN
country: CN
admin-c: AT370-AP
tech-c: CH93-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-TJ
mnt-routes: MAINT-CHINANET-TJ
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:00Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: admin tjtele
nic-hdl: AT370-AP
e-mail: [email protected]
address: No.11 LIUJING ROAD ,HEDONG ,TIANJIN,CHINA
phone: +86-22-85580499
fax-no: +86-22-85580970
country: CN
mnt-by: MAINT-CHINANET-TJ
last-modified: 2014-04-01T03:31:13Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://github.com/telekom-security/tpotce
https://list.rtbh.com.tr/output.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7201963132951404544-93lK?utm_source=share&utm_medium=member_desktop

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
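The STIX 2.1 bundle offered above is not reproduced on this page. The following is an added example, not IOC Radar's own exporter, showing how a practitioner would build such a bundle from the fields shown here using only the Python standard library: it checks the IP against the APNIC inetnum from the WHOIS record before trusting the ASN attribution, pulls the ATT&CK technique IDs out of the free-text tag list, and emits one Indicator with an `ipv4-addr` pattern. The tag excerpt is constructed from a handful of the page's tags, and carrying technique IDs as STIX `labels` is an assumption (the real export may use a different mapping).

```python
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Fields copied from the page above.
IOC_VALUE = "123.150.138.194"
FIRST_SEEN = "2024-01-23"
LAST_SEEN = "2026-06-11"
CONFIDENCE = 73                                  # page confidence, 0-100
INETNUM = "123.150.0.0 - 123.151.255.255"        # APNIC inetnum from the WHOIS record
REFERENCE = "https://lists.blocklist.de/lists/all.txt"  # one of the listed source feeds

# Constructed excerpt of the page's category tags (the real list is far longer).
TAGS = ["brute force ssh", "cowrie honeypot", "t1110", "t1110.001",
        "t1021.004", "t1190", "t1595.002", "mirai botnet"]

TECHNIQUE_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$")


def attack_techniques(tags):
    """Extract ATT&CK technique IDs from free-text tags and normalise them
    to MITRE's upper-case form (e.g. t1110.001 -> T1110.001)."""
    found = set()
    for tag in tags:
        m = TECHNIQUE_RE.match(tag.strip().lower())
        if m:
            tid = "T" + m.group(1)
            if m.group(2):
                tid += "." + m.group(2)
            found.add(tid)
    return sorted(found)


def in_inetnum(ip, inetnum):
    """Return True if ip falls inside a WHOIS 'lo - hi' inetnum range.
    Used as a sanity check that the ASN/org shown actually covers the IP."""
    lo, hi = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return lo <= ipaddress.ip_address(ip) <= hi


def stix_id(obj_type):
    """STIX 2.1 identifiers are '<type>--<UUID>'."""
    return f"{obj_type}--{uuid.uuid4()}"


def build_bundle(ip=IOC_VALUE, first_seen=FIRST_SEEN, last_seen=LAST_SEEN,
                 confidence=CONFIDENCE, tags=TAGS):
    """Build a minimal STIX 2.1 bundle holding one Indicator for the IP.
    Raises ValueError if the IP is outside the WHOIS range, so a mismatched
    attribution is caught before the indicator is shared."""
    if not in_inetnum(ip, INETNUM):
        raise ValueError(f"{ip} is not inside {INETNUM}; check the WHOIS attribution")
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id("indicator"),
        "created": now,
        "modified": now,
        "name": f"Reported abusive host {ip}",
        "description": f"Observed {first_seen} to {last_seen}.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",   # STIX pattern for an IPv4 match
        "pattern_type": "stix",
        "valid_from": f"{first_seen}T00:00:00.000Z",
        "confidence": confidence,                   # STIX confidence is also 0-100
        "labels": attack_techniques(tags),          # assumption: techniques as labels
        "external_references": [{"source_name": "blocklist.de", "url": REFERENCE}],
    }
    return {"type": "bundle", "id": stix_id("bundle"), "objects": [indicator]}


if __name__ == "__main__":
    print(json.dumps(build_bundle(), indent=2))
```

Keeping the inetnum check inside the exporter means a copy-paste error in the IP (or a stale WHOIS record) fails loudly rather than shipping an indicator attributed to the wrong network; the `labels` list is where a consumer can pivot from the IP to the ATT&CK techniques the feeds tagged it with.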

IOC Journey

medium
First detected 2 years ago · Last seen 16 days ago
Appeared in 23 threat reports