IOC Radar
IP · Medium confidence · Signal 100/100

36.213.197.7

Location
China
Guangzhou, Guangdong
ASN
AS9808
China TieTong Telecommunications Corporation
First Seen
Jan 29, 2025 (510d ago)
Last Seen
Feb 27, 2026 (115d ago)
Reports
24 source reports
Confidence
99% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs
39 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS9808
Organization: China TieTong Telecommunications Corporation

Feed Intelligence Summary

24 source reports · 99% confidence score
Category tags
abuse, access, access control, active scanning, adbhoney activity, adbhoney honeypot, antispam, asia, attack, banking, botnet, brute force, brute force attack, brute-forc, china, cisco device, cn, command and control, command execution, communication protocol, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, credit card services, cta, data encryption, data exfiltration, database attack, database security, decoy system, denial of service, device management, dhcp, dionaea, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, elasticsearch, email, enterprise networking, finance, finance and insurance, financial services, financial technology, ftp, ftp brute force, github, groups, honeytrap activity, honeytrap honeypot, imap, index, indicator, info, information gathering, information technology, lamp, lamp attack, lamp stack attack, lateral movement, ldap, log4j, mailoney activity, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, mssql, network, network infrastructure, network monitoring, network probing, network protocol, network scanning, network security, notice, ntp, oracle, password attacks, payment processing, phishing, phishing attack, phishing trap, process injection, protocol exploitation, python, reconnaissance, remote access, remote services, researched, resource hijacking, scan, scanner, scanning activity, script, scripting attacks, security policy, sentrypeer activity, sentrypeer botnet, server exploitation, sftp, sftp activity, sftp attack, sip, sip scanning, slug, social engineering, socks5, sql injection, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.001, t1021.002, t1040, t1041, t1055, t1059, t1059.003, t1059.004, t1059.005, t1059.007, t1071.001, t1077, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tpotce, vnc protocol, voip, voip attack, wealth management, web application attack, web attack, web exploitation, web scanner

Activity Timeline

1 total observation (Feb 27 to Feb 27)

Threat Activity Heatmap

[Heatmap: weekly activity, Jun to Jun · Peak: 2026-02-27]
Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk (100)
Signal Score: 100
Confidence: 99%
Reports: 24
First seen: Jan 29, 2025
Last seen: Feb 27, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS9808
Org: China TieTong Telecommunications Corporation
Coords: 23.1317, 113.2660

VirusTotal

Not checked

WHOIS

description
2025-02-04T10:13:02.864Z Honeypot : Tanner : Source: 36.213.197.7 : Port: 80 Post Data: {'response': {'message': {'sess_uuid': '2aaa0d08-8eaf-4995-8f22-72628331666e', 'detection': {'type': 1, 'version': '0.6.0', 'order': 0, 'name': 'unknown'}}}, 'version': '0.6.0'}
raw
inetnum: 36.212.0.0 - 36.215.255.255
netname: CMNET
descr: China Mobile Communications Group Co., Ltd.
country: CN
admin-c: CT74-AP
tech-c: CT74-AP
abuse-c: AC1601-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2023-12-07T03:57:36Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
remarks: [email protected] is invalid
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-09-19T17:19:56Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-09-19T17:20:32Z
source: APNIC

role: chinamobile tech
address: 29, Jinrong Ave.,Xicheng district
address: Beijing
country: CN
phone: +86 5268 6688
fax-no: +86 5261 6187
e-mail: [email protected]
admin-c: HL1318-AP
tech-c: HL1318-AP
nic-hdl: ct74-AP
notify: [email protected]
mnt-by: MAINT-cn-cmcc
abuse-mailbox: [email protected]
last-modified: 2016-11-29T09:37:27Z
source: APNIC

route: 36.192.0.0/11
descr: China TieTong Telecommunications Corporation
country: CN
origin: AS9394
mnt-by: MAINT-CNNIC-AP
last-modified: 2012-02-22T01:40:01Z
source: APNIC

references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://redpiranha.net
https://github.com/telekom-security/tpotce

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 24 threat reports