IOC Radar
IP · Medium · Signal 31/100

124.31.107.34

Location: China (Beijing, Beijing)
ASN: AS4134 (Chinanet XZ)
First Seen: Nov 4, 2024 (600d ago)
Last Seen: Apr 20, 2026 (68d ago)
Reports: 9 source reports
Confidence: 31% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 31%
Signal Score: 31 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 25 techniques

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS4134
Organization: Chinanet XZ

Feed Intelligence Summary

Source reports: 9
Confidence score: 31%
Category tags: abuse, active scan, active scanning, asia, attack, bad reputation, botnet, botnet activity, brute force, brute force attack, china, command and control, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store expose, ddos, decoy system, denial of service, distributed attacks, exploitation activity, identity & access exploitation, indicator, initial access, injection activity, lateral movement, login attempt, login attempts, malaysia, malicious activity, malicious software, malware, network, network intrusion, network probing, network scanning, password attacks, process injection, reconnaissance, researched, scanner, scanners, sftp attack, ssh attack, ssh monitoring, t1021, t1021.004, t1041, t1046, t1055, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat intelligence, tor node, web application attack, web exploitation

Activity Timeline

1 total observation (Apr 20)

Threat Activity Heatmap

Peak: 2026-04-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Coords: 39.9042, 116.4070

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by Rimba Siber honeypot.
raw
inetnum: 124.31.104.0 - 124.31.119.255
netname: CHINANET-XZ
country: CN
descr: Tibet-shannan Telecom ADSL POOL
admin-c: CH93-AP
tech-c: LT113-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CHINANET-XZ
last-modified: 2008-09-04T07:27:44Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: LHASH Tibet-chinanet
address: NO.59 ,XIZANG LASA ,BEIJING STREET
country: CN
phone: +86-0891-6812990
fax-no: +86-0891-6812991
e-mail: [email protected]
nic-hdl: LT113-AP
mnt-by: MAINT-CHINANET-XZ
last-modified: 2009-09-01T09:18:07Z
source: APNIC
references
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports