IOC Radar
IPMediumSignal 54/100

180.95.238.119

Location
ChinaChina
Lanzhou, Gansu
ASN
AS4837
China Unicom Gansu Province Network
First Seen
Dec 4, 2020
Last Seen
May 29, 2026
Dec 4
First Seen
2014d ago
May 29
Last Seen
13d ago
12
Reports
source reports
54%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryCNChina
RegionLanzhou, Gansu
ASNAS4837
OrganizationChina Unicom Gansu Province Network

Feed Intelligence Summary

12 reports54% confidence
12
Source reports
54%
Confidence score
Category tags
abuseactive scanactive scanningapplication layer protocolaptasiaattackauthentication attackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attackschinacisco devicecncommand and controlcommunication protocolcompromised credentialscowrie attackscowrie honeypotcowrie ssh logscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedevice managementdionaea attacksdionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringenterprise networkingexploitationexploitation activityexploited hostftp brute forcehackinghoneytrap honeypotidentity & access exploitationimapindicatorinjection activityintrusion detectioniociot securityipphoney honeypotlamplamp attacklamp exploitation attemptslamp server targetinglateral movementmailoney honeypotmalicious activitymalicious activity detectedmalicious network activitymalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphishing attackphishing trappossible malware distributionprocess injectionransomwarereconnaissanceremote servicesresearchedresource hijackingscannerscripting attackssentrypeer botnetservice scansftp attacksip scanningsmtpsocial engineeringssh attackssh monitoringt1021t1040t1041t1055t1059t1059.001t1059.004t1059.007t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunauthorized accessunauthorized access attemptunited statesvoipvoip attackweb application attackweb application scanningweb attackweb exploitation

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
54
SIGNAL
Signal Score
54%
Confidence
12
Reports
First seenDec 4, 2020
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationLanzhou, Gansu
ASNAS4837
OrgChina Unicom Gansu Province Network
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

raw
inetnum: 180.95.128.0 - 180.95.255.255 netname: UNICOM-GS descr: China Unicom Gansu province network descr: China Unicom descr: No.21,Ji-Rong Street, descr: Beijing 100032 country: CN admin-c: CH1302-AP tech-c: YH137-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-GS mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:16:40Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: yun hu nic-hdl: YH137-AP e-mail: [email protected] address: 5/F Kaida Building 88 Qingyang Road Chengguan District,Lanzhou 730000,P.R. China phone: +86-931-2162064 fax-no: +86-931-2190000 country: CN mnt-by: MAINT-CNCGROUP-GS last-modified: 2008-09-04T07:30:40Z source: APNIC route: 180.95.128.0/17 descr: China Unicom Gansu Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2009-08-06T06:39:25Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 13 days ago
Appeared in 12 threat reports