IP · Medium · Signal 44/100
36.41.190.106
Location
Xincheng, Shaanxi
ASN
AS134768
Chinanet SN
First Seen
Jan 29, 2025
Last Seen
Apr 7, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Xincheng, Shaanxi
ASN
AS134768
Organization
Chinanet SN
Feed Intelligence Summary
17 source reports · 44% confidence score
Category tags
abuse, access attempt, active scan, active scanning, asia, bad reputation, blacklisted domain, blacklisted ip, blacklisted url, botnet, botnet activity, botnet c2, botnet communication, brute force, brute force attack, brute force attempt, brute force attempts, c2 communication, c2 server, china, cn, command & control, command and control, compromised hosts, compromised system detection, cowrie honeypot, credential access, credential stuffing, credential theft, cta, data exfiltration, data store exposure, data theft, ddos, ddos activity, decoy system, dga domain, distributed attacks, dns attack, europe, exploitation activity, failed login attempts, ftp brute force, gb-originating traffic, http brute force, http communication, https communication, identity & access exploitation, indicator, information technology, injection activity, ioc, irc communication, it infrastructure, login attack, malaysia, malicious domains, malicious software, malware, malware distribution, network, network intrusion, network scanning, network service scanning, network traffic analysis, notice, p2p communication, password attacks, password cracking, possible ddos activity, process injection, ransomware, reconnaissance, remote access, remote services, researched, scanner, scanners, security operations, service scan, socradar honeypot, software development, spam, spam bot, ssh attack, ssh monitoring, t1005, t1020, t1021, t1021.004, t1029, t1041, t1055, t1059, t1059.001, t1059.004, t1059.005, t1071, t1071.001, t1071.002, t1071.003, t1071.004, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1204, t1204.002, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1568, t1568.002, t1569, t1569.002, t1571, t1573, t1573.001, t1573.002, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat intelligence, tor node, united kingdom, vulnerability scan
Activity Timeline
Threat Activity Heatmap (peak: 2026-04-07)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Geolocation
CN
Country
China
Location
Xincheng, Shaanxi
ASN
AS134768
Org
Chinanet SN
Coords
34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- raw
inetnum: 36.40.0.0 - 36.47.255.255
netname: CHINANET-SN
descr: CHINANET SHAANXI PROVINCE NETWORK
descr: China Telecom
descr: No.56,gaoxin street
descr: Beijing 100032
country: CN
admin-c: XC9-AP
tech-c: XC9-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SHAANXI
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:13Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Xianghong Cao
address: Shanxi provice data communication Bureau
address: 185# zhuque Road
address: Xi'an city, Shanxi provice 710061
country: CN
phone: +8629-523-3633
fax-no: +8629-522-8093
e-mail: [email protected]
nic-hdl: XC9-AP
mnt-by: MAINT-CHINANET
last-modified: 2017-03-17T01:44:04Z
source: APNIC
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
- https://github.com/tankmek/threatfeed
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports