IPMediumSignal 59/100
124.115.217.162
Location
ChinaLiuxiang, Shanxi
ASN
AS4134
Chinanet SN
First Seen
Jul 3, 2023
Last Seen
Jun 2, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionLiuxiang, Shanxi
ASNAS4134
OrganizationChinanet SN
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
26 reports59% confidence
26
Source reports
59%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount accessaccount compromiseaccount enumerationaccount lockoutactive scanactive scanningadresse ipasiaatif feedattackauthentication brute forceauthentication bypassauto-generated securityazure adazure securitybabukbad reputationbank securitybankingbanlist feedbelgiumbianlianbinary defenseblackcatblocked sign-inbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-force attackc2 communicationc2 serverchinacivil servicescloud environmentcloud infrastructurecloud infrastructure attackcloud servicescncommand & controlcommand and controlcommunication protocolcommunications networkscompromised hostcompromised hostsconsumer goodscowrie honeypotcredential accesscredential brute forcecredential harvestingcredential stuffingcredit card servicescritical infrastructurectacyber threatsdarkdark webdata exfiltrationdata store exposuredata theftddosdecoy systemdefense systemsdistributed attacksegregoremergency servicesenergy systemsentra ideuropeexploitation activityexploitation attemptexploited hostfinancefinancial institutionfinancial servicesfinancial systemsfinancial technologyfinlandfinland activityfranceftp brute forcegermanygovernment facilitiesgovernment technologyhackinghoneynet connecthttp brute forcehunteridentity & access exploitationidentity managementimapimap attackimap brute forceindicatorinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityintrusion detectioniocit infrastructureitalian mariolateral movementlockbitlogin attacklogin attemptmalaysiamalicious activitymalicious softwaremalwaremalware distributionmanualmariomegamicrosoft 365microsoft azuremicrosoft entra idmultiple usersnetworknetwork attacksnetwork brute forcenetwork discoverynetwork enumerationnetwork intrusionnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnoescapenorth americaos credential dumpingpassword attackpassword attackspassword crackingpassword sprayingpaulsanpayment processingphishingphishing attackpolandpop3 brute forceprocess injectionprotocol exploitationproxypublic administrationpublic infrastructurepublic policyransomhouseransomwarereconnaissanceregulatory agenciesremote accessremote servicesresearchedresource hijackingretail tradertbhsamsamsaslsasl authenticationsasl brute forcescanscannerscannersscanning activitysecurity operationssecurity policyservice scansftp attacksign-in logs analysissmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringsoftware developmentspamssh attackssh monitoringt1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588t1588.004t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003tcp brute forcetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontor nodetransportation networksudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunited statesvalid accountsvoipvulnerability scanwater systemswealth managementwhite rabbit
Activity Timeline
Jun 2Jun 2
Threat Activity Heatmap
· Peak: 2026-06-02LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address identified as 124.115.217.162, represents a critical threat with a high risk score of 58.5. Its presence within an organizational environment signifies potential or ongoing malicious activity that demands immediate attention. This address has been extensively associated with aggressive tactics such as brute-force attacks, credential stuffing, and network scanning, often preceding ransomware deployment or unauthorized system access. Failure to a…
Threat ScoreMedium Risk
59
SIGNAL
Signal Score
59%
Confidence
26
Reports
First seenJul 3, 2023
Last seenJun 2, 2026
GeolocationCN
CountryChina
LocationLiuxiang, Shanxi
ASNAS4134
OrgChinanet SN
Coords37.8694, 112.5615
Proxy
VirusTotal
Not checked
WHOIS
- description
- Distributed Password cracking attempts in Microsoft Entra ID involving multiple users from CN
- raw
- inetnum: 124.114.0.0 - 124.115.255.255 netname: CHINANET-SN descr: CHINANET Shanxi(SN) province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: XC9-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-SHAANXI mnt-routes: MAINT-CHINANET-SHAANXI mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:02Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: Xianghong Cao address: Shanxi provice data communication Bureau address: 185# zhuque Road address: Xi'an city, Shanxi provice 710061 country: CN phone: +8629-523-3633 fax-no: +8629-522-8093 e-mail: [email protected] nic-hdl: XC9-AP mnt-by: MAINT-CHINANET last-modified: 2017-03-17T01:44:04Z source: APNIC
- references
- https://purplesynapz.com/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4, https://jamesbrine.com.au/vultrmadrid-ssh-bruteforce-ip-list-2024-04-18/, https://jamesbrine.com.au, https://www.resecurity.com/blog/article/Exposing-Cyber-Extortion-Trinity-BianLian-White-Rabbit-Mario-Ransomware-Gangs-Spotted-Joint-Campaign
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 8 days ago
Appeared in 26 threat reports