IOC Radar
IP · Medium · Signal 69/100

61.219.156.91

Location: Taiwan, Province of China; Banqiao, Taiwan
ASN: AS3462 (Chunghwa Telecom Co. Ltd.)
First Seen: Dec 20, 2024 (538d ago)
Last Seen: Jun 7, 2026 (4d ago)
Reports: 27 source reports
Confidence: 69% (medium)
VirusTotal: 11/91 detections
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 40 techniques

Network Information

Country: TW (Taiwan, Province of China)
Region: Banqiao, Taiwan
ASN: AS3462
Organization: Chunghwa Telecom Co. Ltd.

IP Category

VPN: VPN exit node

Feed Intelligence Summary

Source reports: 27
Confidence score: 69%
Category tags: abuse, account compromise, active scan, active scanning, apache, apache attacker, apt, asia, atif feed, attack, australia, authentication abuse, authentication attack, authentication attempts, authentication failures, automated attack, bad reputation, bad web bot, banlist feed, binary defense, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute-force, bruteforce, c2 communication, cisco device, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, communication protocol, compromised credentials, compromised host, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, ddos, ddos attack, decoy system, denial of service, device management, digital ocean, distributed attacks, enterprise networking, europe, exploit, exploitation, exploitation activity, exploited host, fail2ban alert, fail2ban blocked ips, france, ftp, ftp brute force, ftp brute-force, hacking, http brute force, identity & access exploitation, indicator, information technology, infrastructure acquisitionreconnaissance, injection activity, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, known attacker, lateral movement, login failure, low-risk, malaysia, malicious activity, malicious domains, malicious ip addresses, malicious software, malware, malware distribution, manual, network, network infrastructure, network intrusion, network intrusion attempt, network probing, network scanning, network security, network security monitoring, network traffic analysis, notice, oceania, opencti, osint, password attack, password attacks, phishing, phishing attack, portscan, possible intrusion, process injection, ransomware, reconnaissance, reconnaissance activity, remote access, researched, resource hijacking, scan, scanner, scanners, scanning activity, security operations, service discovery, service scan, sftp attack, sip, sip brute force, sip scan, social engineering, socradar honeypot, software development, ssh, ssh attack, ssh monitoring, ssh scan, t1005, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071, t1071.001, t1078, t1078.002, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1588.004, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, taiwan, telecommunications, threat actor, threat intelligence, tor node, tpot, tw, udp port scan, unauthorized access attempts, unauthorized activity, unauthorized login, united kingdom, voip, vpn, vpn ip, vulnerability scan, vulnerability-exploitation, vultr, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs (Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 27
First seen: Dec 20, 2024
Last seen: Jun 7, 2026
Geolocation: TW
Country: Taiwan, Province of China
Location: Banqiao, Taiwan
ASN: AS3462
Org: Chunghwa Telecom Co. Ltd.
Coords: 25.0367, 121.5240
VPN

VirusTotal

11/91 vendors flagged
12% detection rate (Jun 8, 2026)

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.219.156.91 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).

IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 27 threat reports