IOC Radar
IP · Medium · Signal 60/100

58.56.128.190

Location
China
Jinan, Shandong
ASN
AS4134
Chinanet SD
First Seen: May 12, 2024 (771d ago)
Last Seen: Jun 13, 2026 (9d ago)
Reports: 28 source reports
Confidence: 60% (medium)
Found in 28 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network-layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 53 techniques
Network Information

Country: CN (China)
Region: Jinan, Shandong
ASN: AS4134
Organization: Chinanet SD

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 28
Confidence score: 60%

Category tags: abuse, access control, account compromise, account enumeration, active scan, active scanning, active-attack, adresse ip, apache, apache attacker, apt, asia, attack, australia, authentication, authentication attack, authentication-failure, authentication_attack, automated_attack, azure ad, bad reputation, bad web bot, banking, belgium, belgium ip addresses, blocklist_all, botnet, botnet activity, botnet activity detection, brute force, brute force attack, brute force attacker, brute force attempts, brute-force, brute_force, bruteforce, c2, c2 communication, china, cisco device, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud infrastructure target, cloud services, cn, command & control, command and control, communication protocol, compromised credentials, compromised hosts, compromised system, cowrie, cowrie honeypot, credential access, credential attack, credential compromise, credential harvesting, credential stuffing, credential theft, credential-access, credential-dumping, credential-harvesting, credit card services, data encryption, data exfiltration, data store exposure, ddos, ddos attack, ddos preparation, decoy system, denial of service, device management, digital ocean, distributed attacks, email, encryption, enterprise networking, enumeration, env-hunting, europe, exploitation activity, exploited host, finance, financial services, financial technology, finland, fnt-secure-sentinel, fnt-sentinel, france, fraud voip, ftp, ftp brute force, germany, hacking, honeynet connect, honeytrap honeypot, http brute force, http scanner, https, identity & access exploitation, imap, imap attack, indicator, indicators of compromise, information technology, initial access, initial access preparation, initial_access, injection activity, internet facing assets, internet-facing assets, internet_scanners, internet_wide_scan, ipv4, ipv4 scanning, ipv4-indicators, ipv4_indicators, ipv4_traffic, it infrastructure, lamp, lamp server targeting, lateral movement, login attempt, malaysia, malicious activity, malicious ip addresses, malicious login, malicious script execution, malicious software, malicious-ip, malware, malware distribution, malware infection, microsoft entra id, multiple accounts targeted, multiple users, multiple users affected, network, network attacks, network discovery, network infrastructure, network intrusion, network probing, network protocol, network reconnaissance, network scanning, network security, network services, nginx, north america, oceania, open proxy, opportunistic attack, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, poland, process injection, protocol exploitation, proxy, reconnaissance, remote access, remote services, remote-access, remote_access, researched, resource hijacking, scams & fraud, scanner, scanners, scanning activity, security event, security operations, security policy, sftp access attempt, sftp attack, smtp, smtp attacker, smtp brute force, smtp-attack, social engineering, software development, spam, ssh, ssh attack, ssh monitoring, ssh-brute, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071, t1071.001, t1071.002, t1071.004, t1076, t1077, t1078, t1078.001, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1573.002, t1588.004, t1589, t1589.002, t1590, t1590.002, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, tcp/ip, telnet threat, threat actor, threat actor: unknown, threat detection, threat intelligence, threat prevention, tor node, turkey, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, unauthorized login attempts, unauthorized-access, united kingdom, united states, valid accounts, wealth management, web app attack, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total observation (Jun 13)

Threat Activity Heatmap

Twelve-month calendar heatmap (Jun through Jun), weekday rows Mon/Wed/Fri, intensity scale Less to More. Peak: 2026-06-13.
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 28
First seen: May 12, 2024
Last seen: Jun 13, 2026
Geolocation: CN
Country: China
Location: Jinan, Shandong
ASN: AS4134
Org: Chinanet SD
Coords: 36.6683, 117.0210
Category: Proxy

VirusTotal: Not checked

WHOIS

description
FNT Sentinel Real-time Intercept: SMTP brute-force detected. Reference: 2026-05-12 09:56:10.0576 Login failure: 58.56.128.190 SMTP
raw
inetnum: 58.56.0.0 - 58.59.127.255
netname: CHINANET-SD
descr: CHINANET SHANDONG PROVINCE NETWORK
descr: Shandong Telecom Corporation
descr: No.999,Shunhua road,Jinan,Shandong
country: CN
admin-c: XR55-AP
tech-c: CH93-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SD
mnt-routes: MAINT-CHINANET-SD
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:56Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: Xin Ruosheng
nic-hdl: XR55-AP
e-mail: [email protected]
address: No.999, road Shunhua, Jinan, Shandong province,China
phone: +86-531-83190000
fax-no: +86-531-83190000
country: CN
mnt-by: MAINT-CHINANET-SD
last-modified: 2019-12-20T07:11:49Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

Confidence: medium. First detected 2 years ago; last seen 9 days ago. Appeared in 28 threat reports.