IOC Radar
IP · Medium · Signal 60/100

218.206.136.24

Location: Nanjing, Jiangsu, China
ASN: AS56046 (China Mobile Communications Corporation)
First Seen: Jun 21, 2021 (1828d ago)
Last Seen: Jun 8, 2026 (15d ago)
Reports: 33 source reports
Confidence: 60% (medium)
Found in 33 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 74 techniques

Network Information

Country: CN (China)
Region: Nanjing, Jiangsu
ASN: AS56046
Organization: China Mobile Communications Corporation

Feed Intelligence Summary

Source reports: 33
Confidence score: 60%
Category tags

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 33
First seen: Jun 21, 2021
Last seen: Jun 8, 2026
Geolocation: CN
Country: China
Location: Nanjing, Jiangsu
ASN: AS56046
Org: China Mobile Communications Corporation
Coords: 33.1402, 119.7890

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 218.206.96.0 - 218.206.159.255
netname: CMNET-jiangsu
descr: China Mobile Communications Corporation - jiangsu
country: CN
admin-c: TC105-AP
tech-c: TC105-AP
abuse-c: AC2006-AP
status: ALLOCATED NON-PORTABLE
remarks: ------------------------------
remarks: Please send abuse e-mail to
remarks: [email protected]
remarks: Please send probe e-mail to
remarks: [email protected]
remarks: -------------------------------
mnt-by: MAINT-CN-CMCC
mnt-lower: MAINT-CN-CMCC-jiangsu
mnt-irt: IRT-CHINAMOBILE-CN
last-modified: 2021-01-20T01:07:57Z
source: APNIC

irt: IRT-CHINAMOBILE-CN
address: China Mobile Communications Corporation
address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CT74-AP
tech-c: CT74-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-03-07
mnt-by: MAINT-CN-CMCC
last-modified: 2025-03-07T06:38:53Z
source: APNIC

role: ABUSE CHINAMOBILECN
country: ZZ
address: China Mobile Communications Corporation
address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
phone: +000000000
e-mail: [email protected]
admin-c: CT74-AP
tech-c: CT74-AP
nic-hdl: AC2006-AP
remarks: Generated from irt object IRT-CHINAMOBILE-CN
remarks: [email protected] was validated on 2025-03-07
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-03-07T06:39:27Z
source: APNIC

person: tao chen
nic-hdl: TC105-AP
e-mail: [email protected]
address: 81st. HuJu Road, Nanjing, P.R.China
phone: +86-13800250222
fax-no: +86-025-86668202
country: cn
mnt-by: MAINT-CN-CMCC-JIANGSU
last-modified: 2008-09-04T07:32:23Z
source: APNIC

route: 218.206.0.0/15
descr: China Mobile communications corporation
origin: AS9808
mnt-by: MAINT-CN-CMCC
last-modified: 2012-02-15T02:41:43Z
source: APNIC
references
https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://redpiranha.net, https://list.rtbh.com.tr/output.txt

IOC Journey

medium
First detected 5 years ago · Last seen 15 days ago
Appeared in 33 threat reports