IP · Medium · Signal 73/100
60.199.224.2
Location
Taipei, Taiwan
ASN
AS9924
Taiwan Fixed Network CO., LTD.
First Seen
Nov 24, 2022
Last Seen
Jun 7, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Taiwan, Province of China
Region
Taipei, Taiwan
ASN
AS9924
Organization
Taiwan Fixed Network CO., LTD.
IP Category
VPN
VPN exit node
Feed Intelligence Summary
31 reports · 73% confidence
31
Source reports
73%
Confidence score
Category tags
Activity Timeline
[Timeline chart: Jun 7 to Jun 7]
Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
High Risk
73
SIGNAL
Signal Score
73%
Confidence
31
Reports
First seen
Nov 24, 2022
Last seen
Jun 7, 2026
Geolocation
TW
Country
Taiwan, Province of China
Location
Taipei, Taiwan
ASN
AS9924
Org
Taiwan Fixed Network CO., LTD.
Coords
25.0446, 121.5610
VPN
VirusTotal
Not checked
WHOIS
- description
- Banned by Fail2Ban [sshd]
IOC Journey
Medium · First detected 3 years ago · Last seen 3 days ago
Appeared in 31 threat reports