IOC Radar
IP · Medium · Signal 48/100

125.90.173.236

Location: Guangzhou, Guangdong, China
ASN: AS4134 (Chinanet GD)
First Seen: Mar 31, 2025 (454d before page capture)
Last Seen: Jun 12, 2026 (16d before page capture)
Reports: 20 source reports
Confidence: 48% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 48%
Signal Score: 48 / 100
IDS Rule: No

Threat Context
MITRE ATT&CK TTPs: 43 techniques (the technique IDs appear among the category tags under Feed Intelligence Summary)

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS4134
Organization: Chinanet GD

Feed Intelligence Summary

Source reports: 20
Confidence score: 48%

Category tags (as rendered on the page, the tags run together without separators; separated here):
abuse, access control, account compromise, active scan, active scanning, asia, attack, authentication, authentication brute force, authentication bypass, bad reputation, belgium, botnet, botnet activity, brute force, brute force attack, brute force attempt, c2, c2 server, china, civil services, cloud environment, cloud infrastructure, command & control, command and control, communication protocol, compromised host, compromised hosts, cowrie honeypot, credential access, credential compromise, credential harvesting, credential stuffing, credential-access, credentials, data exfiltration, data exfiltration attempts, data store exposure, data theft, database security, ddos, ddos attack, decoy system, denial of service, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email-protocol, entra id, europe, exploitation activity, exploitation attempt, exploitation attempts, exploited host, finland, government technology, hacking, identity & access exploitation, identity management, imap, imap attack, imap brute force, indicator, injection activity, ioc, iot security, login attack, malaysia, malicious activity, malicious software, malware, malware behaviour, malware capture, malware deployment attempts, malware distribution, microsoft 365, microsoft azure, microsoft entra id, network, network attacks, network enumeration, network intrusion, network scanning, network security, network service scanning, network traffic analysis, network-protocol, password attack, password attacks, password cracking, password spraying, phishing, pop3 brute force, process injection, public administration, public infrastructure, public policy, reconnaissance, regulatory agencies, remote access, researched, resource hijacking, sasl, sasl brute force, scanner, scanners, scanning activity, security operations, security policy, sentrypeer botnet, service scan, sftp access attempt, sftp attack, sip brute force, smtp, smtp attacker, smtp brute force, social engineering, spam, ssh attack, ssh monitoring, tanner, targeting database, tcp brute force, tcp protocol, telecommunications, threat actor, threat intelligence, threat prevention, tor node, valid accounts, voip, voip attack, vulnerability scan, web application attack, web exploitation, web spam

MITRE ATT&CK technique tags (43):
T1018, T1021, T1021.004, T1040, T1041, T1046, T1055, T1059, T1059.004, T1071, T1071.001, T1078, T1078.004, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1187, T1190, T1203, T1204.002, T1486, T1496, T1499.001, T1499.002, T1499.003, T1565, T1566.001, T1566.002, T1566.003, T1566.004, T1573, T1583, T1588.004, T1589, T1589.002, T1595, T1595.001, T1595.002, T1595.003
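The tag cloud above carries the 43 ATT&CK technique IDs in among the descriptive tags, and the site renders all of them run together with no separators. The following Python is an added example, not code from the IOC Radar site: it recovers the technique IDs from the concatenated cloud by pattern, groups sub-techniques under their parent, pulls out the T1110 brute-force family that matches the Entra ID description on this page, and lists which T-Pot honeypot sensors (cowrie, dionaea, elasticpot, sentrypeer and tanner are T-Pot components; the tpotce repository is one of the page's references) are named in the tags. The tag cloud string is copied from this page; the function names are the example's own.

```python
import re

# Tag cloud exactly as rendered on the IOC Radar page for 125.90.173.236. The site
# concatenates tags with no separator, so the list has to be recovered by pattern.
TAG_CLOUD = (
    "abuseaccess controlaccount compromiseactive scanactive scanningasiaattackauthentication"
    "authentication brute forceauthentication bypassbad reputationbelgiumbotnetbotnet activity"
    "brute forcebrute force attackbrute force attemptc2c2 serverchinacivil servicescloud environment"
    "cloud infrastructurecommand & controlcommand and controlcommunication protocolcompromised host"
    "compromised hostscowrie honeypotcredential accesscredential compromisecredential harvesting"
    "credential stuffingcredential-accesscredentialsdata exfiltrationdata exfiltration attempts"
    "data store exposuredata theftdatabase securityddosddos attackdecoy systemdenial of service"
    "dionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemail-protocol"
    "entra ideuropeexploitation activityexploitation attemptexploitation attemptsexploited host"
    "finlandgovernment technologyhackingidentity & access exploitationidentity managementimap"
    "imap attackimap brute forceindicatorinjection activityiociot securitylogin attackmalaysia"
    "malicious activitymalicious softwaremalwaremalware behaviourmalware capture"
    "malware deployment attemptsmalware distributionmicrosoft 365microsoft azuremicrosoft entra id"
    "networknetwork attacksnetwork enumerationnetwork intrusionnetwork scanningnetwork security"
    "network service scanningnetwork traffic analysisnetwork-protocolpassword attackpassword attacks"
    "password crackingpassword sprayingphishingpop3 brute forceprocess injectionpublic administration"
    "public infrastructurepublic policyreconnaissanceregulatory agenciesremote accessresearched"
    "resource hijackingsaslsasl brute forcescannerscannersscanning activitysecurity operations"
    "security policysentrypeer botnetservice scansftp access attemptsftp attacksip brute forcesmtp"
    "smtp attackersmtp brute forcesocial engineeringspamssh attackssh monitoringt1018t1021t1021.004"
    "t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1078t1078.004t1105t1110t1110.001t1110.002"
    "t1110.003t1110.004t1133t1187t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565"
    "t1566.001t1566.002t1566.003t1566.004t1573t1583t1588.004t1589t1589.002t1595t1595.001t1595.002"
    "t1595.003tannertargeting databasetcp brute forcetcp protocoltelecommunicationsthreat actor"
    "threat intelligencethreat preventiontor nodevalid accountsvoipvoip attackvulnerability scan"
    "web application attackweb exploitationweb spam"
)

# T + four digits, optional .NNN sub-technique. No leading \b: the previous tag runs
# straight into the first ID ("...ssh monitoringt1018...").
TECHNIQUE_RE = re.compile(r"t\d{4}(?:\.\d{3})?", re.IGNORECASE)

# Honeypot daemons bundled in T-Pot (the telekom-security/tpotce repository the page cites).
TPOT_SENSORS = ("cowrie", "dionaea", "elasticpot", "sentrypeer", "tanner")


def extract_techniques(cloud: str) -> list[str]:
    """Unique ATT&CK technique IDs in the cloud, upper-cased and sorted."""
    return sorted({m.group(0).upper() for m in TECHNIQUE_RE.finditer(cloud)})


def group_by_parent(ids: list[str]) -> dict[str, list[str]]:
    """Map each parent technique to the sub-techniques listed under it. A parent that
    appears only through its sub-techniques (e.g. T1566 here) still gets an entry."""
    grouped: dict[str, list[str]] = {}
    for tid in ids:
        parent, _, sub = tid.partition(".")
        grouped.setdefault(parent, [])
        if sub:
            grouped[parent].append(tid)
    return grouped


def brute_force_ids(ids: list[str]) -> list[str]:
    """T1110 and its sub-techniques: the credential-attack family behind the page's
    'password cracking attempts in Microsoft Entra ID' description."""
    return [t for t in ids if t == "T1110" or t.startswith("T1110.")]


def honeypot_sensors(cloud: str) -> list[str]:
    """Which T-Pot sensors are named in the tags, i.e. which honeypots saw the IP."""
    return [s for s in TPOT_SENSORS if s in cloud]


if __name__ == "__main__":
    ids = extract_techniques(TAG_CLOUD)
    print(f"{len(ids)} techniques (page header says 43)")
    for parent, subs in group_by_parent(ids).items():
        print(parent, subs or "")
    print("brute force family:", brute_force_ids(ids))
    print("honeypots:", honeypot_sensors(TAG_CLOUD))
```

The extraction count is the check worth keeping: if it ever disagrees with the "43 techniques" header, the tag cloud and the TTP panel were generated from different report sets.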

Activity Timeline

1 total observation: Jun 12. Peak: 2026-06-12.
(One-year activity heatmap, Jun through Jun by weekday, omitted here: it plots only the single Jun 12 observation, although the indicator appears in 20 source reports.)

Activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 48 (Medium Risk)
Signal Score: 48 · Confidence: 48% · Reports: 20
First seen: Mar 31, 2025 · Last seen: Jun 12, 2026
Geolocation: CN (China), Guangzhou, Guangdong · ASN AS4134 · Org Chinanet GD
Coords: 34.7732, 113.7220. These coordinates lie in Henan province (central China), not in Guangzhou, so the city-level and coordinate fields on this page disagree; treat the geolocation as approximate and rely on the ASN and WHOIS allocation instead.

VirusTotal

Not checked

WHOIS

Description:
Distributed Password cracking attempts in Microsoft Entra ID involving multiple users from CN

Raw APNIC record (e-mail addresses appear as "[email protected]" because the page redacts them):
inetnum: 125.88.0.0 - 125.95.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
mnt-routes: MAINT-CHINANET-GD
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:48Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: [email protected]
address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU
phone: +86-20-87189274
fax-no: +86-20-87189274
country: CN
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected]
abuse-mailbox: [email protected]
last-modified: 2021-05-12T09:06:58Z
source: APNIC

References:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
36.135.103.30.txt
https://github.com/telekom-security/tpotce
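The description above ("Distributed Password cracking attempts in Microsoft Entra ID involving multiple users") is the shape of ATT&CK T1110.003, password spraying: a few attempts against each of many accounts, which stays under per-account lockout thresholds and so is invisible to a single-account failed-login alert. The following Python is an added example, not code from this page or from the report's source: it runs that detection over a constructed set of sign-in records (fictitious users, field names modelled on the Microsoft Graph signIn resource, error code 50126 for invalid username or password, 0 for success) and also checks whether a source IP falls inside the APNIC inetnum from the WHOIS record above, converting the range to the CIDR form a block list or a Conditional Access named location needs. The thresholds, sample data and function names are the example's own assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network, summarize_address_range


def _ev(upn, ip, ts, code):
    """One sign-in record, shaped after the Microsoft Graph signIn resource fields."""
    return {"userPrincipalName": upn, "ipAddress": ip,
            "createdDateTime": ts, "status": {"errorCode": code}}


# Constructed sample (not real log data): fictitious users, the attacker IP from the
# page, and a legitimate user on 203.0.113.10 (documentation range) mistyping their
# own password. errorCode 50126 = invalid username or password, 0 = success.
SIGNINS = [
    _ev("alice@example.com", "125.90.173.236", "2026-06-12T03:14:07Z", 50126),
    _ev("bob@example.com",   "125.90.173.236", "2026-06-12T03:14:33Z", 50126),
    _ev("carol@example.com", "125.90.173.236", "2026-06-12T03:15:02Z", 50126),
    _ev("dave@example.com",  "125.90.173.236", "2026-06-12T03:15:40Z", 50126),
    _ev("bob@example.com",   "125.90.173.236", "2026-06-12T03:16:11Z", 50126),
    _ev("erin@example.com",  "125.90.173.236", "2026-06-12T03:16:50Z", 50126),
    _ev("frank@example.com", "125.90.173.236", "2026-06-12T03:17:20Z", 0),
    _ev("grace@example.com", "203.0.113.10",   "2026-06-12T08:02:10Z", 50126),
    _ev("grace@example.com", "203.0.113.10",   "2026-06-12T08:02:25Z", 50126),
    _ev("grace@example.com", "203.0.113.10",   "2026-06-12T08:02:41Z", 0),
]


def _ts(event):
    return datetime.strptime(event["createdDateTime"],
                             "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_users=5, max_per_user=3):
    """Flag source IPs that try many distinct accounts with few attempts each inside
    `window` (T1110.003). Many attempts against one account is the opposite shape
    (lockout-driven brute force) and is deliberately not matched here.

    Returns {ip: {"users", "attempts", "max_per_user", "successes"}}; a non-empty
    "successes" list is the triage priority, since those credentials worked.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ipAddress"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=_ts)
        times = [_ts(e) for e in evs]
        best = Counter()  # attempts per user in the window holding the most distinct users
        j = 0
        for i in range(len(evs)):
            while j < len(evs) and times[j] - times[i] <= window:
                j += 1
            per_user = Counter(e["userPrincipalName"] for e in evs[i:j])
            if len(per_user) > len(best):
                best = per_user
        if len(best) >= min_users and max(best.values()) <= max_per_user:
            flagged[ip] = {
                "users": len(best),
                "attempts": sum(best.values()),
                "max_per_user": max(best.values()),
                "successes": sorted({e["userPrincipalName"] for e in evs
                                     if e["status"]["errorCode"] == 0}),
            }
    return flagged


def inetnum_cidrs(inetnum: str) -> list[str]:
    """Convert an APNIC 'inetnum' range ('a - b') into CIDR blocks, the form a
    firewall rule or an Entra Conditional Access named location expects."""
    start, end = (ip_address(p.strip()) for p in inetnum.split("-"))
    return [str(n) for n in summarize_address_range(start, end)]


def in_reported_range(ip: str, inetnum: str) -> bool:
    """True if `ip` sits inside the WHOIS allocation shown on the page."""
    return any(ip_address(ip) in ip_network(c) for c in inetnum_cidrs(inetnum))


if __name__ == "__main__":
    CHINANET_GD = "125.88.0.0 - 125.95.255.255"  # inetnum from the WHOIS record above
    print("CIDR:", inetnum_cidrs(CHINANET_GD))
    for ip, stats in detect_password_spray(SIGNINS).items():
        print(ip, stats, "in CHINANET-GD:", in_reported_range(ip, CHINANET_GD))
```

For the "distributed" variant the description names, the same detection has to be keyed on something coarser than a single IP (the ASN or a /24, for instance), because spreading the attempts across many addresses is precisely how a distributed spray stays under per-IP thresholds. Blocking the whole /13 that the inetnum resolves to is a business decision rather than a detection one; the check above only tells you the scope such a block would have.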

Export & API: STIX 2.1 Bundle, CSV Export, Permalink
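The STIX 2.1 bundle offered under Export & API is not shown on the page. The following Python is an added example, not the site's exporter, that builds a bundle of the shape a consumer would expect from the fields displayed above, using only the standard library: an indicator whose pattern matches the IP, with valid_from set to First Seen and confidence set to the page's score; the ipv4-addr and autonomous-system observables; and attack-pattern objects joined to the indicator by "indicates" relationships for three of the 43 technique IDs. The deterministic UUIDv5 identifiers, the fixed export timestamp and the choice of three techniques are the example's own assumptions; validate_bundle is the referential check a consumer should run before ingesting any such export.

```python
import json
import uuid

# Fields as they appear on the IOC Radar page for this indicator. Only three of the
# page's 43 ATT&CK IDs are carried, to keep the bundle readable.
PAGE = {
    "ip": "125.90.173.236",
    "first_seen": "2025-03-31",
    "confidence": 48,
    "asn": 4134,
    "org": "Chinanet GD",
    "tags": ["password spraying", "brute force", "microsoft entra id"],
    "techniques": ["T1110.003", "T1110.004", "T1595.001"],
    "description": ("Distributed Password cracking attempts in Microsoft Entra ID "
                    "involving multiple users from CN"),
}
# Assumption of this example: a fixed export timestamp so the output is reproducible.
EXPORT_TIME = "2026-06-28T00:00:00.000Z"


def stix_id(obj_type: str, key: str) -> str:
    """Deterministic STIX identifier (UUIDv5 over a stable key) so re-exporting the
    same IOC yields the same IDs. The namespace string is this example's choice."""
    return f"{obj_type}--{uuid.uuid5(uuid.NAMESPACE_URL, f'ioc-radar/{obj_type}/{key}')}"


def attack_url(tid: str) -> str:
    """ATT&CK site URL: T1110.003 -> .../techniques/T1110/003, T1110 -> .../techniques/T1110."""
    return "https://attack.mitre.org/techniques/" + tid.replace(".", "/")


def build_bundle(page: dict) -> dict:
    ts = EXPORT_TIME
    ind_id = stix_id("indicator", page["ip"])
    as_id = stix_id("autonomous-system", str(page["asn"]))
    objects = [
        {
            "type": "indicator", "spec_version": "2.1", "id": ind_id,
            "created": ts, "modified": ts,
            "name": f"Malicious IPv4 {page['ip']}",
            "description": page["description"],
            "indicator_types": ["malicious-activity"],
            "pattern": f"[ipv4-addr:value = '{page['ip']}']",
            "pattern_type": "stix",
            "valid_from": page["first_seen"] + "T00:00:00.000Z",
            "confidence": page["confidence"],  # STIX confidence is 0..100, same scale as the page
            "labels": page["tags"],
        },
        {"type": "autonomous-system", "spec_version": "2.1", "id": as_id,
         "number": page["asn"], "name": page["org"]},
        {"type": "ipv4-addr", "spec_version": "2.1", "id": stix_id("ipv4-addr", page["ip"]),
         "value": page["ip"], "belongs_to_refs": [as_id]},
    ]
    for tid in page["techniques"]:
        ap_id = stix_id("attack-pattern", tid)
        objects.append({
            "type": "attack-pattern", "spec_version": "2.1", "id": ap_id,
            "created": ts, "modified": ts, "name": tid,
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": tid, "url": attack_url(tid)}],
        })
        objects.append({
            "type": "relationship", "spec_version": "2.1",
            "id": stix_id("relationship", f"{ind_id}/indicates/{ap_id}"),
            "created": ts, "modified": ts, "relationship_type": "indicates",
            "source_ref": ind_id, "target_ref": ap_id,
        })
    return {"type": "bundle", "id": stix_id("bundle", page["ip"] + ts), "objects": objects}


def validate_bundle(bundle: dict) -> list[str]:
    """Checks a consumer runs before ingesting: every *_ref / *_refs must resolve to
    an object inside the bundle, and every SDO/SRO must carry created/modified."""
    ids = {o["id"] for o in bundle["objects"]}
    problems = []
    for o in bundle["objects"]:
        refs = []
        for key, val in o.items():
            if key.endswith("_ref"):
                refs.append(val)
            elif key.endswith("_refs"):
                refs.extend(val)
        problems += [f"{o['id']}: dangling reference {r}" for r in refs if r not in ids]
        if o["type"] not in ("ipv4-addr", "autonomous-system") and "modified" not in o:
            problems.append(f"{o['id']}: missing modified")
    return problems


if __name__ == "__main__":
    bundle = build_bundle(PAGE)
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle) or "none")
```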

IOC Journey

Confidence: medium. First detected 1 year ago · Last seen 16 days ago. Appeared in 20 threat reports.