IP · Medium · Signal 69/100
123.240.79.54
Location: Taichung, Taipei
ASN: AS131596 (TBC)
First Seen: Aug 16, 2021
Last Seen: Apr 7, 2026
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Network Information
Country: Taiwan, Province of China
Region: Taichung, Taipei
ASN: AS131596
Organization: TBC
Feed Intelligence Summary
Source reports: 21
Confidence score: 69%
Category tags
Activity Timeline: Apr 7
Threat Activity Heatmap (peak: 2026-04-07)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 69 (Medium Risk)
Geolocation: TW
Coords: 25.0382, 121.5636
VirusTotal: Not checked
WHOIS
- description: Telnet bruteforce client IP
- raw:

  inetnum: 123.240.0.0 - 123.241.255.255
  netname: TBCOM-NET
  descr: TBC
  descr: 3F,NO.10 Ta-Yieh Road, Pei-Tou District.
  descr: Taipei Taiwan 112
  country: TW
  admin-c: HS2369-AP
  tech-c: HS2369-AP
  abuse-c: AT939-AP
  status: ALLOCATED PORTABLE
  notify: [email protected]
  mnt-by: MAINT-TW-TWNIC
  mnt-lower: MAINT-TW-TWNIC
  mnt-irt: IRT-TWNIC-AP
  last-modified: 2021-11-04T00:49:37Z
  source: APNIC

  irt: IRT-TWNIC-AP
  address: 3F., No. 123, Sec. 4, Bade Rd., Songshan Dist., Taipei 105, Taiwan
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: TWA2-AP
  tech-c: TWA2-AP
  auth: # Filtered
  remarks: Please note that TWNIC is not an ISP and is not empowered
  remarks: to investigate complaints of network abuse.
  remarks: [email protected] is invalid
  mnt-by: MAINT-TW-TWNIC
  last-modified: 2025-02-21T07:05:51Z
  source: APNIC

  role: ABUSE TWNICAP
  country: ZZ
  address: 3F., No. 123, Sec. 4, Bade Rd., Songshan Dist., Taipei 105, Taiwan
  phone: +000000000
  e-mail: [email protected]
  admin-c: TWA2-AP
  tech-c: TWA2-AP
  nic-hdl: AT939-AP
  remarks: Generated from irt object IRT-TWNIC-AP
  remarks: [email protected] is invalid
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-02-21T07:06:08Z
  source: APNIC

  person: Headend SH
  address: No. 198, Shanjia, Zhunan Township, Miaoli County 350, Taiwan (R.O.C.), Taiwan
  country: TW
  phone: +886-37-288-600 Ext 6115
  e-mail: [email protected]
  nic-hdl: HS2369-AP
  mnt-by: MAINT-TW-TWNIC
  last-modified: 2019-08-22T02:48:59Z
  source: APNIC

  inetnum: 123.240.0.0 - 123.241.255.255
  netname: CM-CCTV-TC-TW
  descr: TBC
  descr: 12F., No. 936, Sec. 4, Wenxin Rd., Beitun Dist., Taichung City 406505 , Taiwan (R.O.C.)
  descr: Taipei Taiwan
  country: TW
  admin-c: RH61-TW
  tech-c: RH61-TW
  mnt-by: MAINT-TW-TWNIC
  changed: [email protected] 20070313
  status: ASSIGNED NON-PORTABLE
  remarks: This information has been partially mirrored by APNIC from
  remarks: TWNIC. To obtain more specific information, please use the
  remarks: TWNIC whois server at whois.twnic.net.
  source: TWNIC

  person: TBCNET NOC
  address: TBCNET NOC
  address: 12F,934,Sec. 4, Wenxin Rd., Beitun Dist.
  address: Taichung Taiwan
  country: TW
  phone: +886-4-3504-0141
  fax-no: +886-4-3504-0146
  e-mail: [email protected]
  nic-hdl: RH61-TW
  changed: [email protected] 20180907
  remarks: This information has been partially mirrored by APNIC from
  remarks: TWNIC. To obtain more specific information, please use the
  remarks: TWNIC whois server at whois.twnic.net.
  source: TWNIC

- references:
  - https://github.com/telekom-security/tpotce
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Medium · First detected 4 years ago · Last seen 2 months ago
Appeared in 21 threat reports