IOC Radar
IPMediumSignal 64/100

39.79.150.154

Location
ChinaChina
Jinan, Shandong
ASN
AS4837
China Unicom Shandong Province Network
First Seen
Mar 26, 2025
Last Seen
Feb 2, 2026
Mar 26
First Seen
445d ago
Feb 2
Last Seen
132d ago
10
Reports
source reports
64%
Confidence
medium
7/91
VirusTotal
detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Network Information

CountryCNChina
RegionJinan, Shandong
ASNAS4837
OrganizationChina Unicom Shandong Province Network

Feed Intelligence Summary

10 reports64% confidence
10
Source reports
64%
Confidence score
Category tags
access controlactive scanningamadeyaptarmasiaasyncratbackdoorbase64bitbucketbookingbotnetbotnetdomainbrute forcebrute force attackbrute force attemptcensyschinacobalt-strikecobaltstrikecommand and controlcommunication protocolcredential accesscredential harvestingcredential stuffingcryptocurrency threatscryptojackingdata exfiltrationddosddos attacksdecoy systemdistributed attacksdropped-by-lummastealerelfencodedeuropeeurope/asiaexefakecaptchafinancegafgytgh0stratgroupgroupedguloaderhajimehtahtmlindicatorindonesiainformation stealerinfostealeringress tool transferinternet of thingsintrusion detectioniociocsiot botnetiot/ics attacklnklummastealermalicious network activitymalicious softwaremalwaremarkmipsmirai botnetmozinetworknetwork attacksnetwork intrusionnetwork probingnetwork scanningnetwork securitynetwork service scanningopendirpassword attacksphishing attackprocess injectionprotocol exploitationps1ransomwareratreconnaissanceremcos trojanremcosratremote accessremote access trojanremote servicesresearchedresource hijackingsaint helena, ascension and tristan da cunhascanscannersecurity policysignedsocial engineeringsouth americasshdkitstealert1021.001t1021.002t1027t1040t1046t1055t1056.001t1059t1059.001t1059.003t1071t1071.001t1071.004t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1595t1595.001t1595.002t1595.003tcp protocoltelnet threatthreat intelligencethreat preventiontrojan malwareturkeyua-wgetukraineurlsurls httpuruguayvbsweekwsgidavxml-opendirxorbotxworm

Activity Timeline

1 total obs
Feb 2Feb 2

Threat Activity Heatmap

· Peak: 2026-02-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
10
Reports
First seenMar 26, 2025
Last seenFeb 2, 2026
GeolocationCN
CountryChina
LocationJinan, Shandong
ASNAS4837
OrgChina Unicom Shandong Province Network
Coords36.6683, 116.9972

VirusTotal

7/ 91vendors flagged
8% detection rateJun 6, 2026

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 39.64.0.0 - 39.95.255.255 netname: UNICOM-SD descr: China Unicom Shandong province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: XZ14-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP mnt-lower: MAINT-CNCGROUP-SD mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:20:18Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-09-04T05:18:38Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: XIAOFENG ZHANG nic-hdl: XZ14-AP e-mail: [email protected] address: Jinan,Shandong P.R China phone: +86-531-6666666 fax-no: +86-531-6666666 country: CN mnt-by: MAINT-ZXF last-modified: 2008-09-04T07:29:35Z source: APNIC route: 39.64.0.0/11 descr: China Unicom Shandong Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2011-04-22T06:46:01Z source: APNIC
references
https://any.run/malware-trends/, https://urlhaus.abuse.ch/, https://urlhaus.abuse.ch/browse/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 10 threat reports