IP · Medium · Signal 61/100
144.7.108.131
Location
Shijiazhuang, Hebei
ASN
AS136197
China Telecom
First Seen
Oct 24, 2024
Last Seen
Jun 4, 2026
Found in 20 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region: Shijiazhuang, Hebei
ASN: AS136197
Organization: China Telecom
Feed Intelligence Summary
20 reports · 61% confidence
20
Source reports
61%
Confidence score
Category tags
Activity Timeline
Jun 4 to Jun 4
Threat Activity Heatmap (peak: 2026-06-04)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
61
SIGNAL
Signal Score
61%
Confidence
20
Reports
First seen: Oct 24, 2024
Last seen: Jun 4, 2026
Geolocation: CN
Country: China
Location: Shijiazhuang, Hebei
ASN: AS136197
Org: China Telecom
Coords: 34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description: Detected by Bothammer as actively attacking a WordPress site
- raw:
  inetnum: 144.7.0.0 - 144.7.127.255
  netname: CHINANET-HEBEI-XIONGAN
  descr: Chinanet Hebei Xiong'an network
  country: CN
  admin-c: CH93-AP
  tech-c: BR3-AP
  abuse-c: AC1890-AP
  status: ALLOCATED NON-PORTABLE
  mnt-by: MAINT-CHINANET-HE
  mnt-irt: IRT-CHINANET-HE
  last-modified: 2024-10-10T07:47:44Z
  source: APNIC
  irt: IRT-CHINANET-HE
  address: NO.69 KunLun avenue, Shijiazhuang 050000 China
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH93-AP
  tech-c: BR3-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-10-09
  mnt-by: MAINT-CHINANET-HE
  last-modified: 2026-03-13T07:12:20Z
  source: APNIC
  role: ABUSE CHINANETHE
  country: ZZ
  address: NO.69 KunLun avenue, Shijiazhuang 050000 China
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH93-AP
  tech-c: BR3-AP
  nic-hdl: AC1890-AP
  remarks: Generated from irt object IRT-CHINANET-HE
  remarks: [email protected] was validated on 2025-10-09
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-10-09T06:51:06Z
  source: APNIC
  person: Bin Ren
  nic-hdl: BR3-AP
  e-mail: [email protected]
  address: NO.69 KunLun avenue, Shijiazhuang 050000 China
  phone: +86-311-85211771
  fax-no: +86-311-85202145
  country: CN
  mnt-by: MAINT-CHINANET-HE
  last-modified: 2019-03-20T02:47:26Z
  source: APNIC
  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC
- references:
  - https://github.com/telekom-security/tpotce
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://redpiranha.net
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
medium · First detected 1 year ago · Last seen 9 days ago
Appeared in 20 threat reports