IOC Radar
IP · Medium · Signal 73/100

175.30.48.209

Location: China (Jilin, JL)
ASN: AS4134 (Chinanet JL)
First Seen: Feb 16, 2024 (860d ago)
Last Seen: Jun 10, 2026 (16d ago)
Reports: 12 source reports
Confidence: 73% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs: 47 techniques

Network Information

Country: CN (China)
Region: Jilin, JL
ASN: AS4134
Organization: Chinanet JL

Feed Intelligence Summary

12 source reports · 73% confidence score
Category tags
abuse, access, access control, action, active scan, active scanning, apt, asia, attack, automated attacks, automated threat, automated-attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute-force, brute-force attack, china, cisco device, cisco exploitation attempts, cn, command and control, communication protocol, compromised credentials, compromised host, config, connect, cowrie, cowrie activity, cowrie honeypot, cowrie interactions, cowrie ssh logs, credential access, credential attacks, credential brute force, credential harvesting, credential stuffing, credential-stuffing, css, data exfiltration, data store exposure, database attacks, database security, ddos, decoy system, denial of service, device management, digital ocean, dionaea, dionaea activity, dionaea honeypot, distributed attacks, email, enterprise networking, executable file, exfiltration, exploit, exploit attempts, exploitation, exploitation activity, exploited host, external access attempts, fatt, ftp, ftp brute force, ftp brute-force, github, groups, hacking, honeytrap data, honeytrap honeypot, http scanner, http scanning, http/s, identity & access exploitation, indicator, info, infrastructure acquisition reconnaissance, initial access, injection activity, intrusion detection, ioc, iot security, iot targeted, lamp, lamp server targeting, lamp stack attack, lamp stack targeting, lateral movement, linux, linux servers, linux systems, linux-server-attack, mailoney honeypot, malicious activity, malicious login attempts, malicious software, malicious-login-attempts, malware, malware behaviour, malware capture, malware delivery attempt, manual, network, network activity, network discovery, network infrastructure, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network services, network traffic analysis, p0f, password attack, password attacks, phishing, phishing attack, phishing trapping, port-scanning, possible mirai variant, process injection, protocol exploitation, protocol-abuse, python, reconnaissance, redis honeypot, redishoneypot, remote access, researched, resource hijacking, scanner, scanners, scanning activity, script, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, server, service scan, service scanning, sftp, sftp activity, sftp attack, sftp-attack, sip, sip brute force, sip scanning, slug, social engineering, spam, ssh, ssh attack, ssh monitoring, ssh-brute-force, surface web, t1016, t1018, t1021, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1555, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1587.001, t1589, t1590.001, t1590.006, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, unauthorized-access-attempt, voip, voip attack, vulnerability scan, web app attack, web application attack, web attacks, web exploitation, web spam, web traffic, web-application-attack

Activity Timeline

1 total observation (Jun 10 to Jun 10)

Threat Activity Heatmap

Calendar heatmap, Jun to Jun (Mon/Wed/Fri rows; rendered grid omitted) · Peak: 2026-06-10

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (signal 73)
Signal Score: 73% confidence
Reports: 12
First seen: Feb 16, 2024
Last seen: Jun 10, 2026
Geolocation: CN
Country: China
Location: Jilin, JL
ASN: AS4134
Org: Chinanet JL
Coords: 43.8800, 125.3247

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold≥1; private IPs excluded. geo=CN; ports=12187 Location=Sydney, Australia.
raw
inetnum: 175.30.0.0 - 175.30.63.255
netname: CC-YIQITONGXIN
descr: CHANGCHUN-YIQITONGXIN
country: CN
admin-c: YL1057-AP
tech-c: YL1057-AP
abuse-c: AC1933-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CHINANET-JL
mnt-irt: IRT-CHINANET-JL
last-modified: 2021-01-25T13:18:43Z
source: APNIC

irt: IRT-CHINANET-JL
address: No.2136,Dong-Nan-Hu Road,Changchun,130000,Jilin
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: YL1057-AP
tech-c: YL1057-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-03-12
mnt-by: MAINT-CHINANET-JL
last-modified: 2025-03-12T00:46:10Z
source: APNIC

role: ABUSE CHINANETJL
country: ZZ
address: No.2136,Dong-Nan-Hu Road,Changchun,130000,Jilin
phone: +000000000
e-mail: [email protected]
admin-c: YL1057-AP
tech-c: YL1057-AP
nic-hdl: AC1933-AP
remarks: Generated from irt object IRT-CHINANET-JL
remarks: [email protected] was validated on 2025-03-12
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-03-12T00:46:46Z
source: APNIC

person: YI LU
nic-hdl: YL1057-AP
e-mail: [email protected]
address: No.2136,Southeast lake Street,Changchun,130042,Jilin
phone: +86-431-85880000
fax-no: +86-431-5881234
country: CN
mnt-by: MAINT-CHINANET-JL
last-modified: 2019-11-13T03:31:49Z
source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

Confidence: medium · First detected 2 years ago · Last seen 16 days ago · Appeared in 12 threat reports