IOC Radar
IP · Medium · Signal 70/100

27.36.126.232

Location: Guangzhou, Guangdong, China
ASN: AS136959 (China Unicom CHINA169 Guangdong Network)
First Seen: Mar 29, 2024 (807d ago)
Last Seen: May 27, 2026 (18d ago)
Reports: 8 source reports
Confidence: 70% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 7 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS136959
Organization: China Unicom CHINA169 Guangdong Network

Feed Intelligence Summary

Source reports: 8
Confidence score: 70%
Category tags: active scan, active scanning, asia, bad web bot, botnet activity, brute force, brute force attack, brute force attacker, brute-force, china, cn, credential access, credential stuffing, digital ocean, exploitation activity, identity & access exploitation, indicator, network, password attacks, phishing, portscan, reconnaissance, researched, scanner, scanners, service scan, t1110.001, t1110.002, t1110.003, t1110.004, t1595.001, t1595.002, t1595.003, web app attack

Activity Timeline

1 total obs
May 27

Threat Activity Heatmap

[Heatmap figure: calendar of daily activity, Jun through Jun. Peak: 2026-05-27]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, represents a significant and active threat to organizational security, evidenced by its high score of 69.76 and its association with aggressive reconnaissance and initial access techniques. The presence of this IOC communicating with internal systems could indicate an attacker actively probing for vulnerabilities, attempting brute-force attacks, or engaging in credential stuffing against exposed services. Such activities are often precursors t…

Threat Score: 70 (Medium Risk)
Signal Score: 70%
Confidence
Reports: 8
First seen: Mar 29, 2024
Last seen: May 27, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS136959
Org: China Unicom CHINA169 Guangdong Network
Coords: 23.0863, 113.4940

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

raw:

inetnum: 27.36.0.0 - 27.36.255.255
netname: UNICOM-GDFS
descr: China Unicom Foshan city network
descr: China Unicom Foshan Branch
country: CN
admin-c: CG272-AP
tech-c: CG272-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2010-10-18T07:16:01Z
source: APNIC

role: CNCGROUP GD
nic-hdl: CG272-AP
e-mail: [email protected]
address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
phone: +86-20-22214226
fax-no: +86-20-22214228
admin-c: RP181-AP
tech-c: RP181-AP
country: CN
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2009-04-14T08:33:40Z
source: APNIC

route: 27.36.120.0/21
descr: China Unicom CHINA169 Guangdong Network
country: CN
origin: AS136959
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2018-03-13T02:54:02Z
source: APNIC

IOC Journey

medium
First detected 2 years ago · Last seen 18 days ago
Appeared in 8 threat reports