IP 36.213.6.167 · Medium · Signal 66/100
Location: Guangzhou, Guangdong
ASN: AS9808 (China TieTong Telecommunications Corporation)
First Seen: Mar 20, 2025 (451d ago)
Last Seen: Mar 11, 2026 (95d ago)
Reports: 14 (source reports)
Confidence: 66% (medium)
VirusTotal detections: 1/91
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: China
Region: Guangzhou, Guangdong
ASN: AS9808
Organization: China TieTong Telecommunications Corporation
Feed Intelligence Summary
Source reports: 14
Confidence score: 66%
Category tags: abuse, access control, active scanning, asia, attack, authentication attack, authentication failures, botnet, brute force, brute force attack, china, command and control, cowrie honeypot, credential access, credential stuffing, data exfiltration, decoy system, distributed attacks, europe, fail2ban triggered, ftp brute force, indicator, login attempt, malicious activity, malicious software, malware, network, network reconnaissance, network scanning, password attacks, potential intrusion attempt, process injection, reconnaissance, researched, scanner, security policy, sftp attack, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1041, t1046, t1055, t1059, t1059.004, t1071.001, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat prevention, udp port scan, unauthorized access, united kingdom
Activity Timeline (chart): latest activity Mar 11
Threat Activity Heatmap (chart) · Peak: 2026-03-11
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI generated)
The Internet Protocol (IP) address `36.213.6.167` is classified as a high-severity Indicator of Compromise (IOC) with a score of 66.2 and is not whitelisted, indicating a high probability of malicious intent. Its presence in numerous reputable threat intelligence feeds, including AbuseIPDB, AlienVault OTX, and ThreatHose, strongly suggests involvement in active cybercriminal operations. Detection of this IP address within an organization's network perimeter or logs signals a potential ongoing or…
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 14
First seen: Mar 20, 2025
Last seen: Mar 11, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS9808
Org: China TieTong Telecommunications Corporation
Coords: 34.7732, 113.7220
WHOIS
- description
- Banned by Fail2Ban [sshd]
- raw
  inetnum: 36.212.0.0 - 36.215.255.255
  netname: CMNET
  descr: China Mobile Communications Group Co., Ltd.
  country: CN
  admin-c: CT74-AP
  tech-c: CT74-AP
  abuse-c: AC1601-AP
  status: ALLOCATED NON-PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-CNNIC-CN
  last-modified: 2023-12-07T03:57:36Z
  source: APNIC

  irt: IRT-CNNIC-CN
  address: Beijing, China
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  auth: # Filtered
  remarks: Please note that CNNIC is not an ISP and is not
  remarks: empowered to investigate complaints of network abuse.
  remarks: Please contact the tech-c or admin-c of the network.
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-09-04T01:00:17Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  role: chinamobile tech
  address: 29, Jinrong Ave.,Xicheng district
  address: Beijing
  country: CN
  phone: +86 5268 6688
  fax-no: +86 5261 6187
  e-mail: [email protected]
  admin-c: HL1318-AP
  tech-c: HL1318-AP
  nic-hdl: ct74-AP
  notify: [email protected]
  mnt-by: MAINT-cn-cmcc
  abuse-mailbox: [email protected]
  last-modified: 2016-11-29T09:37:27Z
  source: APNIC

  route: 36.192.0.0/11
  descr: China TieTong Telecommunications Corporation
  country: CN
  origin: AS9394
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2012-02-22T01:40:01Z
  source: APNIC
- references
- https://github.com/telekom-security/tpotce
IOC Journey: medium · First detected 1 year ago · Last seen 3 months ago · Appeared in 14 threat reports