IP · Medium · Signal 64/100
223.71.254.162
Location
Beijing, BJ
ASN
AS56048
China Mobile
First Seen
Nov 7, 2024
Last Seen
Jun 7, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Network Information
Country: China
Region: Beijing, BJ
ASN: AS56048
Organization: China Mobile
Feed Intelligence Summary
Source reports: 27
Confidence score: 64%
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-07)
Activity by window: 24h: 0 (Dormant); 7d: 1 (Minimal); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 27
First seen: Nov 7, 2024
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Beijing, BJ
ASN: AS56048
Org: China Mobile
Coords: 39.7405, 116.3283
VirusTotal
Not checked
WHOIS
- description
- Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 223.71.254.162 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db4lamedtech between 2026-04-07 17:11 and 2026-04-07 17:11 UTC.
- references
  - 36.135.103.30.txt
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://github.com/telekom-security/tpotce
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 4 days ago
Appeared in 27 threat reports