IOC Radar
IPMediumSignal 60/100

39.152.193.72

Location
ChinaChina
Shenyang, BJ
ASN
AS56044
China Mobile
First Seen
Feb 18, 2024
Last Seen
Jun 5, 2026
Feb 18
First Seen
846d ago
Jun 5
Last Seen
8d ago
26
Reports
source reports
60%
Confidence
medium
11/91
VirusTotal
detections
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Network Information

CountryCNChina
RegionShenyang, BJ
ASNAS56044
OrganizationChina Mobile

Feed Intelligence Summary

26 reports60% confidence
26
Source reports
60%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount compromiseaccount enumerationaccount-compromiseactive scanactive scanningactive-attackadresse ipaptasiaatif feedattackauthenticationauthentication brute forceauto-generated securityautomated-attackazure adbad reputationbad web botbankingbanlist feedbelgiumbinary defenseblocklist_allbotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attackerbrute force attemptbrute-forcebruteforcec2 communicationchinacloud infrastructurecloud infrastructure attackcloud servicescncommand & controlcommand and controlcommunication protocolcompromised hostscowrie honeypotcredential accesscredential harvestingcredential stuffingcredential-accesscredit card servicesdata exfiltrationdata exfiltration attemptsdata store exposuredatabase securityddosddos attackddos participationdecoy systemdenial of servicedictionary attackdigital oceandionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemail-protocoleuropeexploit activityexploitation activityexploitation attemptexploitation attemptsexploited hostexternal-scanningfinancefinancial servicesfinancial technologyfinlandfnt-secure-sentinelfnt-sentinelfranceftp brute forcegermanyhackinghoneynet connecthttp brute forceidentity & access exploitationimapindicatorinfrastructure acquisitionreconnaissanceinjection activityinternet-wide scaniot securityipv4ipv4-indicatorslateral movementlogin attemptlogin-attackmalaysiamalicious activitymalicious domainmalicious ipmalicious softwaremalicious-ipmalwaremalware behaviourmalware capturemalware deployment attemptsmalware distributionmanualmicrosoft entra idmultiple usersnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork-protocolnetwork-reconnaissancenorth americaopenctipassword attackpassword attackspassword crackingpassword-attackpayment processingphishingphishing attackpolandpotential-atoprocess injectionproject_gifted1protocol exploitationratreconnaissanceremote accessremote servicesremote-accessresearchedresource hijackingrobotrtbhsaslscannerscannersscanning activitysecurity operationssecurity policysentrypeer botnetservice scansftp access attemptsftp attacksip brute forcesmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringspamsshssh attackssh monitoringt1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1583t1587.001t1588.004t1589.002t1590t1590.001t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp protocoltcp scantcp-scanningtelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontor nodeturkeyudp scanudp-scanningunauthorized access attemptunauthorized-accessunited statesvoipvoip attackwealth managementweb app attackweb application attackweb exploitationworker_strike

Activity Timeline

1 total obs
Jun 5Jun 5

Threat Activity Heatmap

· Peak: 2026-06-05
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
60
SIGNAL
Signal Score
60%
Confidence
26
Reports
First seenFeb 18, 2024
Last seenJun 5, 2026
GeolocationCN
CountryChina
LocationShenyang, BJ
ASNAS56044
OrgChina Mobile
Coords39.9285, 116.3850

VirusTotal

11/ 91vendors flagged
12% detection rateJun 6, 2026

WHOIS

description
FNT Sentinel Real-time Intercept: SMTP brute-force detected. Reference: 2026-05-09 18:43:00.4537 Login failure: 39.152.193.72 SMTP
raw
inetnum: 39.128.0.0 - 39.191.255.255 netname: CMNET descr: China Mobile Communications Corporation descr: Mobile Communications Network Operator in China descr: Internet Service Provider in China country: CN org: ORG-CM1-AP admin-c: ct74-AP tech-c: HL1318-AP abuse-c: AC2006-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CN-CMCC mnt-routes: MAINT-CN-CMCC mnt-irt: IRT-CHINAMOBILE-CN last-modified: 2020-10-20T00:58:36Z source: APNIC irt: IRT-CHINAMOBILE-CN address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CT74-AP tech-c: CT74-AP auth: # Filtered remarks: [email protected] was validated on 2025-09-15 mnt-by: MAINT-CN-CMCC last-modified: 2025-09-15T02:19:35Z source: APNIC organisation: ORG-CM1-AP org-name: China Mobile org-type: LIR country: CN address: 29, Jinrong Ave. phone: +86-10-5268-6688 fax-no: +86-10-5261-6187 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2023-09-05T02:14:48Z source: APNIC role: ABUSE CHINAMOBILECN country: ZZ address: China Mobile Communications Corporation address: 29, Jinrong Ave., Xicheng District, Beijing, 100032 phone: +000000000 e-mail: [email protected] admin-c: CT74-AP tech-c: CT74-AP nic-hdl: AC2006-AP remarks: Generated from irt object IRT-CHINAMOBILE-CN remarks: [email protected] was validated on 2025-09-15 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-09-15T02:20:13Z source: APNIC role: chinamobile tech address: 29, Jinrong Ave.,Xicheng district address: Beijing country: CN phone: +86 5268 6688 fax-no: +86 5261 6187 e-mail: [email protected] admin-c: HL1318-AP tech-c: HL1318-AP nic-hdl: ct74-AP notify: [email protected] mnt-by: MAINT-cn-cmcc abuse-mailbox: [email protected] last-modified: 2016-11-29T09:37:27Z source: APNIC person: haijun li nic-hdl: HL1318-AP e-mail: [email protected] address: 29,Jinrong Ave, Xicheng district,beijing,100032 phone: +86 1052686688 fax-no: +86 10 52616187 country: CN mnt-by: MAINT-CN-CMCC abuse-mailbox: [email protected] last-modified: 2016-11-29T09:38:38Z source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 8 days ago
Appeared in 26 threat reports