IP · Medium · Signal 54/100
157.122.198.36
Location: Guangzhou, Guangdong
ASN: AS17816, China Unicom Guangdong Province Network
First Seen: May 10, 2022
Last Seen: Jun 6, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Network Information
Country: China
Region: Guangzhou, Guangdong
ASN: AS17816
Organization: China Unicom Guangdong Province Network
IP Category: Proxy (Proxy server), VPN (VPN exit node)
Feed Intelligence Summary
Source reports: 32
Confidence score: 54%
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk)
Signal Score: 54
Confidence: 54%
Reports: 32
First seen: May 10, 2022
Last seen: Jun 6, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS17816
Org: China Unicom Guangdong Province Network
Coords: 34.7732, 113.7220
Proxy: VPN
VirusTotal: Not checked
WHOIS
- description
- List of SSH attacking IPs detected by Rimba Siber honeypot.
- raw
  inetnum: 157.122.0.0 - 157.122.255.255
  netname: UNICOM-GD
  descr: China Unicom Guangdong province network
  descr: China Unicom
  country: CN
  admin-c: CH1302-AP
  tech-c: RP181-AP
  abuse-c: AC1718-AP
  status: ALLOCATED PORTABLE
  remarks: service provider
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CNCGROUP-GD
  mnt-routes: MAINT-CNCGROUP-RR
  mnt-irt: IRT-CU-CN
  last-modified: 2023-10-21T03:35:59Z
  source: APNIC

  irt: IRT-CU-CN
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  auth: # Filtered
  remarks: [email protected] is invalid
  mnt-by: MAINT-CNCGROUP
  last-modified: 2025-09-10T13:07:04Z
  source: APNIC

  role: ABUSE CUCN
  country: ZZ
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  nic-hdl: AC1718-AP
  remarks: Generated from irt object IRT-CU-CN
  remarks: [email protected] is invalid
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-09-10T13:08:11Z
  source: APNIC

  person: ChinaUnicom Hostmaster
  nic-hdl: CH1302-AP
  e-mail: [email protected]
  address: No.21,Jin-Rong Street
  address: Beijing,100033
  address: P.R.China
  phone: +86-10-66259764
  fax-no: +86-10-66259764
  country: CN
  mnt-by: MAINT-CNCGROUP
  last-modified: 2017-08-17T06:13:16Z
  source: APNIC

  person: runkeng pan
  nic-hdl: RP181-AP
  e-mail: [email protected]
  address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
  phone: +86-20-22214174
  fax-no: +86-20-22212266-4174
  country: CN
  mnt-by: MAINT-CNCGROUP-GD
  last-modified: 2015-12-16T03:32:02Z
  source: APNIC

  route: 157.122.0.0/16
  descr: China Unicom Guangdong Province Network
  country: CN
  origin: AS17816
  mnt-by: MAINT-CNCGROUP-RR
  last-modified: 2011-04-22T07:04:02Z
  source: APNIC
- references
  - 36.135.103.30.txt
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
  - https://github.com/tankmek/threatfeed
  - https://redpiranha.net
  - https://list.rtbh.com.tr/output.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://github.com/telekom-security/tpotce
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  - https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
  - https://jamesbrine.com.au/bruteforce-ip-list-2024-05-11/
  - https://jamesbrine.com.au
  - https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2024-04-27/
IOC Journey
Medium · First detected 4 years ago · Last seen 20 days ago
Appeared in 32 threat reports