IOC Radar
IP · Medium · Signal 52/100

36.212.31.122

Location: China (Guangzhou, Guangdong)
ASN: AS9808 (China TieTong Telecommunications Corporation)
First Seen: Apr 17, 2025 (422d ago)
Last Seen: Jun 7, 2026 (6d ago)
Reports: 23 source reports
Confidence: 52% (medium)
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 52%
Signal Score: 52 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

64 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS9808
Organization: China TieTong Telecommunications Corporation

Feed Intelligence Summary

Source reports: 23
Confidence score: 52%
Category tags: abuse, access control, account compromise, active scan, active scanning, anomalous network connections, apache, apt, asia, attack, attack source, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication failures, authentication_failures, automated attack, automated attacks, bad reputation, bad web bot, banner-grabbing, block list, block.txt, blocklist, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute-force, bruteforce, c2, c2 communication, c2 server, china, china mobile, cisco device, cisco exploitation attempt, cloud infrastructure, cloud infrastructure attack, cloud services, cn, columns, command & control, command and control, communication protocol, community-shared, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, cowrie, cowrie data, cowrie honeypot, credential access, credential access attempt, credential harvesting, credential stuffing, credential_access, credential_stuffing, daily_sources, data exfiltration, data exfiltration attempt, data store exposure, data theft, ddos, ddos attack, decoy system, denial of service, denial-of-service attempt, device management, dictionary attack, digital ocean, dionaea honeypot, distributed attacks, enterprise networking, enumeration, europe, executable file, exploit, exploit attempts, exploitation, exploitation activity, exploitation attempts, exploited host, export-to-otx, external_threat, fail2ban triggered, failed login, failed login attempts, finland, france, ftp, ftp brute force, ftp brute-force, germany, hacking, hk abusehandler, honeynet connect, honeypot 24h activity, honeytrap honeypot, hong kong, http brute force, http request anomalies, http scanner, http scanning, hurricane us, identity & access exploitation, imap brute force, indicator, information technology, initial access, initial_access, injection activity, intrusion detection, ioc, iot security, iot targeted, ipv4, ipv4_address, it infrastructure, japan, lamp, lamp server targeting, lamp stack, lateral movement, linux systems, login attack, login attempt, login enumeration, mail, malaysia, malicious activity, malicious host, malicious ip activity, malicious payload, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malware, malware behaviour, malware capture, malware distribution, misp, mod security, multiple failed logins, network, network access, network activity, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network reconnaissance, network scan, network scanning, network security, network security monitoring, network service scanning, network traffic analysis, north america, notice, oceania, opportunistic attacker, password attack, password attacks, password spraying, password_guessing, pgp sign, phishing, phishing attack, ping of death, poland, possible botnet activity, possible malware distribution, potential intrusion, potential malware upload, process injection, protocol exploitation, ransomware, reconnaissance, reconnaissance activity, remote access, remote access attempt, remote access protocol, remote services, remote_access, researched, resource hijacking, scan, scanner, scanners, scanning activity, security operations, security policy, service scan, sftp attack, sftp exploitation attempts, sip, smb brute force, smtp, smtp brute force, smtp scanning, social engineering, socradar honeypot, software development, spam, sql injection, ssh, ssh attack, ssh bruteforce, ssh monitoring, sweden, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.003, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.002, t1563, t1565, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1588, t1588.004, t1589, t1589.002, t1590.003, t1592, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat prevention, threat-intel, timeout, tokyo, top10.txt, topips.txt, tor node, tpot, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempts, united kingdom, united states, unknown threat actor, us abuse, us none, valid accounts, voip, vulnerability scan, vulnerability-exploitation, vultr hosting, web app attack, web application attack, web exploitation, web login, web spam, web traffic

Activity Timeline

1 total obs (Jun 7 to Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
[Heatmap: activity by weekday (Mon, Wed, Fri shown) across months Jun through Jun; legend Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 23
First seen: Apr 17, 2025
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS9808
Org: China TieTong Telecommunications Corporation
Coords: 23.1317, 113.2660

VirusTotal

Not checked

WHOIS

description
Cowrie honeypot 24h activity
raw
inetnum: 36.212.0.0 - 36.215.255.255
netname: CMNET
descr: China Mobile Communications Group Co., Ltd.
country: CN
admin-c: CT74-AP
tech-c: CT74-AP
abuse-c: AC1601-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2023-12-07T03:57:36Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

role: chinamobile tech
address: 29, Jinrong Ave.,Xicheng district
address: Beijing
country: CN
phone: +86 5268 6688
fax-no: +86 5261 6187
e-mail: [email protected]
admin-c: HL1318-AP
tech-c: HL1318-AP
nic-hdl: ct74-AP
notify: [email protected]
mnt-by: MAINT-cn-cmcc
abuse-mailbox: [email protected]
last-modified: 2016-11-29T09:37:27Z
source: APNIC

route: 36.192.0.0/11
descr: China TieTong Telecommunications Corporation
country: CN
origin: AS9394
mnt-by: MAINT-CNNIC-AP
last-modified: 2012-02-22T01:40:01Z
source: APNIC

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 23 threat reports