IP · Medium · Signal 67/100
61.169.6.99
Location: Shanghai, Shanghai
ASN: AS4812 (Chinanet SH)
First Seen: Jun 8, 2024
Last Seen: Jun 6, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 67%
Signal Score: 67 / 100
IDS Rule: No
Network Information
Country: China
Region: Shanghai, Shanghai
ASN: AS4812
Organization: Chinanet SH
Feed Intelligence Summary
Source reports: 28
Confidence score: 67%
Category tags
Activity Timeline: Jun 6
Threat Activity Heatmap (peak: 2026-06-06)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 67 (Medium Risk)
Signal Score: 67
Confidence: 67%
Reports: 28
First seen: Jun 8, 2024
Last seen: Jun 6, 2026
Geolocation: CN
Country: China
Location: Shanghai, Shanghai
ASN: AS4812
Org: Chinanet SH
Coords: 31.2304, 121.4740
VirusTotal: Not checked
WHOIS
- description
- FNT Sentinel Real-time Intercept: SMTP brute-force detected. Reference: 2026-05-10 08:49:02.3651 Login failure: 61.169.6.99 SMTP
IOC Journey
medium · First detected 2 years ago · Last seen 7 days ago
Appeared in 28 threat reports