IOC Radar
IP · Medium · Signal 55/100

180.76.104.208

Location
China
Beijing, Beijing
ASN
AS38365
Beijing Baidu Netcom Science and Technology Co., Ltd.
First Seen
Aug 26, 2025 (289d ago)
Last Seen
Jun 7, 2026 (4d ago)
Reports
22 source reports
Confidence
55% (medium)
VirusTotal
10/91 detections
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

28 techniques

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS38365
Organization: Beijing Baidu Netcom Science and Technology Co., Ltd.

Feed Intelligence Summary

Source reports: 22
Confidence score: 55%
Category tags
abuse, account compromise, active scan, active scanning, apache, apache attacker, apt, asia, attack, attack source ip, attacker-ip, authentication-failure, bad reputation, bad web bot, blocklist_all, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, bruteforce, c2 communication, china, cloud hosting, cloud infrastructure, cloud infrastructure attack, cloud services, cloud_infrastructure, cn, command & control, command and control, cowrie, cowrie honeypot, credential access, credential attack, credential harvesting, credential stuffing, credential theft attempt, credential-dumping, credential-harvesting, data exfiltration, data store exposure, ddos, ddos activity, ddos attack, decoy system, denial of service, digital ocean, env-hunting, europe, exploitation activity, exploited host, external_threat, fnt-secure-sentinel, fnt-sentinel, france, ftp brute-force, hacking, identity & access exploitation, imap, imap attack, indicator, initial access, ipv4_activity, lateral movement, lcia, malaysia, malicious activity, malicious-ip, malware, malware distribution, network, network discovery, network probing, network scanning, network security, network_discovery, nginx, north america, opencti, password attacks, phishing, phishing attack, portscan, protocol exploitation, reconnaissance, researched, resource hijacking, scanner, scanners, scanning activity, security operations, service scan, sftp, sftp attack, singapore, smtp, smtp attacker, smtp-attack, social engineering, spam, ssh, ssh attack, ssh monitoring, ssh-brute, t-pot, t1003, t1021.004, t1040, t1041, t1059, t1071, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1496, t1499.001, t1566, t1566.001, t1566.002, t1566.003, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, telnet threat, threat actor, threat intelligence, tor node, turkey, unauthorized access, united kingdom, united states, vultr, web app attack, web application attack, web exploitation, web spam

Activity Timeline

1 total obs
Jun 7

Threat Activity Heatmap

[Heatmap: activity by day, Jun through Jun. Peak: 2026-06-07]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 22
First seen: Aug 26, 2025
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS38365
Org: Beijing Baidu Netcom Science and Technology Co., Ltd.
Coords: 34.7732, 113.7220

VirusTotal

10/91 vendors flagged
11% detection rate · Jun 8, 2026

WHOIS

description
FNT Sentinel Real-time Intercept: SMTP attack. Reference: 2026-05-14 11:07:42.0559 Login failure: 180.76.104.208 SMTP
raw
inetnum: 180.76.0.0 - 180.76.255.255
netname: Baidu
descr: Beijing Baidu Netcom Science and Technology Co., Ltd.
descr: Baidu Plaza, No.10, Shangdi 10th street,
descr: Haidian District Beijing,100080
country: CN
admin-c: BN261-AP
tech-c: BN261-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-BAIDU-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2024-03-11T23:29:37Z
source: APNIC

irt: IRT-BAIDU-CN
address: 12f,lixiang building ,zhongguancun,beijing
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: ZKY3-AP
tech-c: ZKY3-AP
auth: # Filtered
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-11-18T00:35:07Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-09-19T17:20:32Z
source: APNIC

person: Baidu Noc
address: Baidu Campus,NO.10 Shangdi 10th Street,Haidian District,Beijing The People's Republic of China 100085
country: CN
phone: +86-18110062082
e-mail: [email protected]
nic-hdl: BN261-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2024-03-11T23:28:23Z
source: APNIC

route: 180.76.64.0/18
descr: Baidu
country: CN
origin: AS38365
notify: [email protected]
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-12-21T02:20:14Z
source: APNIC

route: 180.76.64.0/18
descr: Baidu
country: CN
origin: AS55967
notify: [email protected]
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-12-21T02:20:19Z
source: APNIC
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-30/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-30/
https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-30/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-29/
https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-29/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-28/
https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-28/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-26/
https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-26/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-18/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-18/
https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-18/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-13/
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 9 months ago · Last seen 4 days ago
Appeared in 22 threat reports