IOC Radar
IP · Medium · Signal 34/100

27.24.141.122

Location
China
Shizishan, Hubei
ASN
AS4134
Chinanet HB
First Seen
Aug 29, 2025
Last Seen
Jun 11, 2026
Reports
19 source reports
Confidence
34% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
34%
Signal Score
34 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

41 techniques

Network Information

Country: China (CN)
Region: Shizishan, Hubei
ASN: AS4134
Organization: Chinanet HB

Feed Intelligence Summary

19 source reports, 34% confidence score
Category tags
account enumeration, active scan, active scanning, active-attack, adresse ip, apache, apache attacker, apt, asia, attack, attacker-ip, authentication-failure, azure ad, banking, belgium, belgium ip addresses, blocklist_all, botnet activity, botnet activity detected, brute force, brute force attack, brute-force, bruteforce, china, cloud environment, cloud infrastructure, cn, code-injection, command and control, compromised credentials, compromised hosts, cowrie honeypot, credential access, credential compromise, credential harvesting, credential stuffing, credential-attack, credential-dumping, credit card services, data exfiltration, data store exposure, ddos, ddos attack, decoy system, denial of service, europe, exploitation activity, exploited host, finance, financial services, financial technology, finland, fnt-secure-sentinel, fnt-sentinel, france, fraud voip, ftp brute force, germany, hacking, honeynet connect, http brute force, identity & access exploitation, imap, imap attack, indicator, infected systems, initial access, injection activity, lateral movement, login attempt, login attempts, malaysia, malicious activity, malicious-ip, malware, malware distribution, microsoft entra id, multiple accounts targeted, multiple users, multiple users affected, network, network enumeration, network intrusion, network scanning, network security, network-reconnaissance, north america, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, poland, protocol exploitation, ransomware, reconnaissance, remote access, remote services, researched, scams & fraud, scanner, scanners, scanning activity, security operations, sftp attack, smb brute force, smtp, smtp attacker, smtp brute force, smtp-attack, social engineering, spam, sql-injection, ssh, ssh attack, ssh monitoring, t1005, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1499.001, t1563, t1566.001, t1566.002, t1566.003, t1573, t1588.004, t1589, t1589.002, t1592, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp scan, telnet threat, threat actor, threat intelligence, threat-feed, tor node, turkey, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempts, united states, voidtrap, voidtrap-intelligence, wealth management, web app attack, web application attack, web exploitation, web spam, web-application-attack

Activity Timeline

1 total observation (Jun 11)

Threat Activity Heatmap

[Heatmap: activity per week, Jun through Jun; rows Mon, Wed, Fri; scale Less to More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 34
Confidence: 34%
Reports: 19
First seen: Aug 29, 2025
Last seen: Jun 11, 2026
Geolocation: CN
Country: China
Location: Shizishan, Hubei
ASN: AS4134
Org: Chinanet HB
Coords: 30.5454, 114.3420

VirusTotal

Not checked

WHOIS

description
FNT Sentinel Real-time Intercept: SMTP brute-force detected. Reference: 2026-05-11 16:25:12.6334 Login failure: 27.24.141.122 SMTP

IOC Journey

medium
First detected 9 months ago · Last seen today
Appeared in 19 threat reports