IP · Medium · Signal 57/100
123.6.49.10
Location
Zhengzhou, Henan
ASN
AS4837
CNC Group CHINA169 Henan Province Network
First Seen
Jun 21, 2023
Last Seen
May 22, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Zhengzhou, Henan
ASN
AS4837
Organization
CNC Group CHINA169 Henan Province Network
Feed Intelligence Summary
13 reports · 57% confidence
13
Source reports
57%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-05-22)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 57 (Medium Risk)
Signal Score: 57
Confidence: 57%
Reports: 13
First seen: Jun 21, 2023
Last seen: May 22, 2026
Geolocation: CN
Country: China
Location: Zhengzhou, Henan
ASN: AS4837
Org: CNC Group CHINA169 Henan Province Network
Coords: 34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- AbuseIPDB 50% | CN | China Unicom Henan province network
- references
- https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 3 years ago · Last seen 18 days ago
Appeared in 13 threat reports