IPMediumSignal 44/100

`123.6.49.36`

Location

China

Zhengzhou, Henan

ASN

AS4837

CNC Group CHINA169 Henan Province Network

First Seen

Aug 26, 2020

Last Seen

May 7, 2026

Aug 26

First Seen

2118d ago

May 7

Last Seen

38d ago

Reports

source reports

44%

Confidence

medium

5/91

VirusTotal

detections

Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

44%

Signal Score

44 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

52 techniques

Network Information

Country

China

RegionZhengzhou, Henan

ASNAS4837

OrganizationCNC Group CHINA169 Henan Province Network

Feed Intelligence Summary

20 reports44% confidence

Source reports

44%

Confidence score

Category tags

abuseactive scanactive scanningadbhoney activityadbhoney honeypotadbhoney interactionsaerospace & defenseapplication layer protocolasiaattackaustraliaauthentication attackauthentication attemptsauthentication bypass attemptauthentication failureautomated attackautomated attacksautomotive manufacturingbad reputationbad web botbankingblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute-forcec2chinacisco attackcisco devicecisco device targetingcivil servicescncommand & controlcommand and controlcommand executioncommunication protocolconpot honeypotcowrie activitycowrie attackcowrie attackscowrie honeypotcowrie interactioncowrie ssh attackscowrie ssh honeypotcredential accesscredential brute-forcingcredential compromisecredential harvestingcredential stuffingcredit card servicescyber securitydata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attemptdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdionaea activitydionaea attackdionaea capturedionaea exploit attemptsdionaea honeypotdionaea malwaredionaea malware collectiondistributed attackdistributed attackselasticpot dataelasticpot honeypotelasticsearch monitoringelectronics manufacturingenterprise networkingexim exploit attemptexploitexploit attemptexploit probingexploitation activityexploitation attemptexploitation attemptsexploited hostfattfinancefinance and insurancefinancial servicesfinancial technologyftpftp brute forceftp brute-forcegovernment technologyhackingheralding behaviorheralding protocol abusehoneytrap activityhoneytrap honeypothttp brute forcehttp scannerics securityidentity & access exploitationimapimap brute forceindicatorindustrial automationindustrial control systemsindustrial iotindustrial productioninformation technologyinitial accessinitial access attemptinjection activityinjection attacksinternet-facing attackintrusion detectioniociot securityiot targetediot/ics attackipphoney dataipphoney honeypotipv4it infrastructurelamplamp attacklamp stack attacklamp stack targetinglateral movementlinux systems targetedloginmailoney activitymailoney honeypotmalicious activitymalicious network activitymalicious payloadmalicious payload attemptmalicious payload detectionmalicious sip activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware deliverymalware distribution attemptmanufacturing technologymilitary operationsmysql brute forcenational securitynetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service exploitationnetwork service scanningnextraynorth americaoceaniaopenctip0fpassword attackpassword attackspayment processingphishingphishing attackphishing trapping of deathpossible credential reusepotential intrusionpotential malware downloadprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlransomwarereconnaissanceredis honeypotregulatory agenciesremote accessremote servicesresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer connectionssentrypeer detectionserver exploitationservice scansftp access attemptsftp access attemptssftp activitysftp attacksftp attemptsshellshock attemptsip attackssip brute forcesip scanningsip vulnerability scansmtpsmtp brute forcesmtp scanningsocial engineeringsoftware developmentspamsql injection attemptssh attackssh monitoringsupply chain attacksupply chain managementsystem accesssystem discoveryt1021t1021.001t1021.002t1021.004t1021.006t1040t1041t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1078: valid accountst1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1565t1566.001t1566.002t1566.003t1566.004t1588t1590t1595t1595.001t1595.002t1595.002: vulnerability scanningt1595.003tannertanner activitytanner attacktanner interactionstargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpottpotcetsecttpsunauthorized accessunauthorized access attemptunauthorized loginunited statesvalid accountsvnc protocolvoipvoip attackvulnerability scanvulnerability-exploitationwealth managementweb app attackweb application attackweb attackweb attacksweb exploitweb exploitationweb scannerweb spamweb traffic

Activity Timeline

1 total obs

May 7May 7

Threat Activity Heatmap

· Peak: 2026-05-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

44%

Confidence

Reports

First seenAug 26, 2020

Last seenMay 7, 2026

GeolocationCN

CountryChina

LocationZhengzhou, Henan

ASNAS4837

OrgCNC Group CHINA169 Henan Province Network

Coords34.7732, 113.7220

VirusTotal

5/ 91vendors flagged

5% detection rateJun 8, 2026

WHOIS

description: Unknown source type: h0neytr4p
raw: inetnum: 123.4.0.0 - 123.7.255.255 netname: UNICOM-HA descr: China Unicom Henan province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: WW444-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-HA mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:07:33Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: Wei Wang nic-hdl: WW444-AP e-mail: [email protected] address: #55 San Quan Road, Zhengzhou, Henan Provice phone: +86-371-65952358 fax-no: +86-371-65968952 country: CN mnt-by: MAINT-CNCGROUP-HA last-modified: 2010-03-05T08:20:01Z source: APNIC route: 123.4.0.0/14 descr: CNC Group CHINA169 Henan Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:53Z source: APNIC
references: https://github.com/telekom-security/tpotce

`123.6.49.36`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy