IPMediumSignal 66/100
27.115.124.112
Location
ChinaShanghai, GD
ASN
AS17621
China Unicom Shanghai Province Network
First Seen
May 5, 2023
Last Seen
May 24, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionShanghai, GD
ASNAS17621
OrganizationChina Unicom Shanghai Province Network
Feed Intelligence Summary
18 reports66% confidence
18
Source reports
66%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney activityadbhoney honeypotadbhoney interactionsapplication exploitationapplication layer protocolasiaattackaustraliaauthentication attackauthentication attemptsauthentication failureautomated attackbad reputationbad web botbankingbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcebruteforcec2chinaciscocisco attackcisco devicecisco device targetingcisco exploit attemptscisco exploitation attemptscisco_exploitcncommand & controlcommand and controlcommand injectioncommunication protocolcompromised credentialsconpotconpot activityconpot honeypotcowriecowrie activitycowrie attackcowrie attackscowrie honeypotcowrie interactioncowrie interactionscowrie ssh attackscowrie ssh honeypotcowrie_attackcredential accesscredential harvestingcredential stuffingcredential stuffing attemptscredential_accesscredit card servicesdata exfiltrationdata store exposuredatabase attackdatabase exploitation attemptsdatabase securityddosddos attackddos attack indicatorsddos reflectiondecoy systemdenial of servicedevice managementdigital oceandionaeadionaea activitydionaea attackdionaea capturedionaea exploit attemptsdionaea honeypotdionaea interactionsdionaea malware collectiondistributed attacksdnsdns attackelasticpot honeypotelasticsearch monitoringemailenterprise networkingexploitexploit attemptexploit kit activityexploitationexploitation activityexploited hostfattfinancefinance and insurancefinancial servicesfinancial technologyftpftp brute forceftp brute-forcegithubgroupshackingheralding behaviorhoneytrap activityhoneytrap honeypothttp brute forcehttp scannerhttp scanningics securityidentity & access exploitationimapindexindicatorindustrial control systemsinformation technologyinitial accessinitial_accessinjection activityinjection attacksintrusion detectioniociot device targetingiot securityiot/ics attackipphoney activityipphoney dataipphoney honeypotlamplamp attacklamp exploit attemptslamp stack attacklamp stack targetinglamp_exploitlateral movementmailoney activitymailoney honeypotmalicious activitymalicious emailmalicious network activitymalicious payload attemptmalicious payload detectionmalicious sip activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware distributionmalware distribution attemptnetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnmapnorth americaoceaniaopenctip0fpassword attackpassword attackspayment processingphishingphishing attackphishing trapport-scanportscanpossible exploit attemptpossible malware distributionpotential malware activitypotential malware distributionprobingprocess injectionprotocol exploitationpythonransomwareransomware activityreconnaissanceredis honeypotredishoneypotremote accessremote service exploitationremote servicesresearchedresource hijackingscannerscannersscanningscanning activityscriptscripting attackssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer connectionssentrypeer detectionservice enumerationservice scansftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp_attackshell access attemptssipsip attackssip brute forcesip scanningsip vulnerability scansip_attackslugsmtpsmtp brute forcesmtp enumerationsocial engineeringsocradar honeypotspamsql injection attemptssshssh attackssh monitoringssh_bruteforcesurface websystem accesst-pott1016t1021t1021.002t1021.004t1021.005t1021.006t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1588t1589t1595t1595.001t1595.002t1595.003tannertanner attacktanner interactionstargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpottpotcettpsunauthorized accessunauthorized access attemptunauthorized loginunited statesvalid accountsvoipvoip attackvulnerability scanwealth managementweb app attackweb application attackweb application attacksweb application scanningweb attackweb exploitweb exploit attemptweb exploitationweb scannerweb trafficwebscanwebscanner
Activity Timeline
May 24May 24
Threat Activity Heatmap
· Peak: 2026-05-24LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
66
SIGNAL
Signal Score
66%
Confidence
18
Reports
First seenMay 5, 2023
Last seenMay 24, 2026
GeolocationCN
CountryChina
LocationShanghai, GD
ASNAS17621
OrgChina Unicom Shanghai Province Network
Coords22.5318, 114.1374
VirusTotal
Not checked
WHOIS
- description
- 2025-02-14T17:53:25.923Z Honeypot : Tanner : Source: 27.115.124.112 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': 'df0e5950-abab-44d9-ab76-d960a9aff7d6'}}}
- raw
- inetnum: 27.115.0.0 - 27.115.127.255 netname: UNICOM-SH descr: CHINA UNICOM Shanghai city network descr: China Unicom descr: No.21,Jin Rong Street,Beijing,100033 descr: P.R.China country: CN admin-c: CH1302-AP tech-c: CH1302-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-SH mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:14:43Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC route: 27.115.0.0/17 descr: China Unicom Shanghai Province Network country: CN origin: AS17621 mnt-by: MAINT-CNCGROUP-RR last-modified: 2010-07-13T00:46:02Z source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/nmap-scanning-list-2023-06-13/, https://jamesbrine.com.au
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 20 days ago
Appeared in 18 threat reports