IOC Radar
IPMediumSignal 70/100

42.180.130.120

Location
ChinaChina
Shenyang, Liaoning
ASN
AS4837
China Unicom Liaoning Province Network
First Seen
May 29, 2024
Last Seen
May 25, 2026
May 29
First Seen
748d ago
May 25
Last Seen
22d ago
28
Reports
source reports
70%
Confidence
medium
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

61 techniques

Network Information

CountryCNChina
RegionShenyang, Liaoning
ASNAS4837
OrganizationChina Unicom Liaoning Province Network

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

28 reports70% confidence
28
Source reports
70%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount compromiseactive scanactive scanningapplication layer protocolaptas path poisoningasiaattackattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attemptauthentication attemptsauthentication failuresauthentication_failuresauto-generated securityautomated attackautomated attacksautomated mitigationautomated threatautomated-attackbad reputationbad web botbgpblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcebruteforcec2c2 serverchinacisco devicecisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud servicescncode executioncode injectioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcommunication technologiescompromised credentialscompromised hostscore network compromisecowrie attackscowrie datacowrie honeypotcredential accesscredential attackscredential brute forcecredential harvestingcredential stuffingcredential stuffing attemptscredential-harvestingcredential-stuffingcredential_accesscredential_stuffingctadata exfiltrationdata interceptiondata store exposuredata theftdatabase attacksdatabase securityddosddos attackddos mitigationdecoy systemdenial of servicedevice compromise attemptsdevice managementdictionary attackdigital oceandionaea attacksdionaea honeypotdistributed attacksdnsdns attackenterprise networkingenumerationenv-huntingeuropeexploitexploitationexploitation activityexploitation attemptexploited hostexport-to-otxexternal access attemptsfail2ban alertfail2ban alertsfail2ban blocked ipfail2ban eventfail2ban eventsfailed authenticationfailed login attemptsfailed loginsfattfinlandfrancefraud ordersfraud voipftpftp brute forceftp brute-forcegame_servergermanyhackinghoneynet connecthoneypot 24h activityhoneytrap datahoneytrap honeypothttp brute forcehttp floodhttp scannerhttp scanninghttp/shttpsidentity & access exploitationindiainfrastructure acquisitionreconnaissanceinitial accessinjection activityinjection attacksinter-as route manipulationintrusion detectioniociot securityiot targetedipv4kill-chain exploitationkill-chain reconnaissancelamplamp attacklamp exploitation attemptslamp stacklamp stack attacklamp stack targetinglateral movementlateral network movementlinux serverslinux systemslinux-server-attacklogin attemptlogin attemptslogin failureslow-riskmailoney honeypotmalaysiamalicious activitymalicious activity detectedmalicious ipsmalicious sftp activitymalicious softwaremalicious ssh activitymalicious-login-attemptsmalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmanualmispmobile carriersmobile networksnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork infrastructure attacknetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork layer protocolnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork trafficnetwork traffic analysisnginxnorth americaoceaniaopen proxyopenctiosintp0fpassword attackpassword attackspassword sprayingpassword_guessingphishingphishing attackphishing trapping of deathpolandport-scanningpossible malware distributionpossible mirai variantprocess injectionprotocol exploitationprotocol-abuseproxyransomwarereconnaissanceremote accessremote access attemptremote servicesremote_accessresearchedresource hijackingrouting protocolrtbhscams & fraudscannerscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionservice scanservice scanningsftp activitysftp attacksftp attackssftp exploitation attemptssftp-attacksip scanningsmb brute forcesmtpsmtp brute forcesocial engineeringsocradar honeypotspamsshssh attackssh bruteforcessh monitoringssh-brute-forcestaging_serversyn floodt-pott1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1078t1078.001t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1486t1496t1497.001t1499.001t1499.002t1499.003t1550t1550.002t1563t1565t1566.001t1566.002t1566.003t1571t1573t1583t1587.001t1589t1589.002t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantelecom servicestelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventiontier-1 network vulnerabilitytor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptsunauthorized-access-attemptunited kingdomunited statesvalid accountsvoidtrapvoipvoip attackvpnvpn ipvulnerability scanvultr ipweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitationweb loginweb spamweb trafficweb-application-attack

Activity Timeline

1 total obs
May 25May 25

Threat Activity Heatmap

· Peak: 2026-05-25
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
70
SIGNAL
Signal Score
70%
Confidence
28
Reports
First seenMay 29, 2024
Last seenMay 25, 2026
GeolocationCN
CountryChina
LocationShenyang, Liaoning
ASNAS4837
OrgChina Unicom Liaoning Province Network
Coords40.6857, 122.2557
ProxyVPN

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by the Rimba Siber honeypot.
raw
inetnum: 42.176.0.0 - 42.183.255.255 netname: UNICOM-LN descr: UNICOM Liaoning Province Network descr: China Unicom descr: No.21, Jin-Rong Street descr: Beijing 100033 country: CN admin-c: CH444-AP tech-c: ZB17-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2023-10-21T03:29:06Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: CNCGroup Hostmaster nic-hdl: CH444-AP e-mail: [email protected] address: No.21,Financial Street address: Beijing,100033,P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CN-CUCGROUP last-modified: 2017-09-05T06:36:14Z source: APNIC person: ZHAO BO address: 96,JieFang Road ChangChun 130021 China. country: CN phone: +86-431-8925217 fax-no: +86-431-8925190 e-mail: [email protected] nic-hdl: ZB17-AP mnt-by: MAINT-CHINANET-JL last-modified: 2008-09-04T07:30:04Z source: APNIC route: 42.176.0.0/13 descr: China Unicom Liaoning Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2011-03-02T05:24:02Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 22 days ago
Appeared in 28 threat reports