IP · Medium · Signal 84/100
1.192.192.8
Location
Zhengzhou, Henan
ASN
AS137687
Chinanet HA
First Seen
Aug 26, 2020
Last Seen
May 29, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Network Information
Country
China
Region: Zhengzhou, Henan
ASN: AS137687
Organization: Chinanet HA
Feed Intelligence Summary
Source reports: 24
Confidence score: 84%
Category tags
Activity Timeline: May 29
Threat Activity Heatmap · Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 24
First seen: Aug 26, 2020
Last seen: May 29, 2026
Geolocation: CN
Country: China
Location: Zhengzhou, Henan
ASN: AS137687
Org: Chinanet HA
Coords: 34.7657, 113.7530
VirusTotal
Not checked
WHOIS
- description: Unknown source type: h0neytr4p
- raw:
    inetnum: 1.192.0.0 - 1.199.255.255
    netname: CHINANET-HA
    descr: CHINANET henan province network
    descr: henan Telecom Corporation
    descr: 97 # Zhongyuan Street, Zhengzhou,henan,China
    country: CN
    admin-c: HZ149-AP
    tech-c: HZ149-AP
    abuse-c: AC1573-AP
    status: ALLOCATED PORTABLE
    remarks: Henan Telecom Corporation hostmaster
    mnt-by: APNIC-HM
    mnt-lower: MAINT-CHINANET-HA
    mnt-routes: MAINT-CHINANET-HA
    mnt-irt: IRT-CHINANET-CN
    last-modified: 2021-06-15T08:05:00Z
    source: APNIC

    irt: IRT-CHINANET-CN
    address: No.31 ,jingrong street,beijing
    address: 100032
    e-mail: [email protected]
    abuse-mailbox: [email protected]
    admin-c: CH93-AP
    tech-c: CH93-AP
    auth: # Filtered
    remarks: [email protected] was validated on 2024-10-17
    mnt-by: MAINT-CHINANET
    last-modified: 2024-10-17T03:10:56Z
    source: APNIC

    role: ABUSE CHINANETCN
    country: ZZ
    address: No.31 ,jingrong street,beijing
    address: 100032
    phone: +000000000
    e-mail: [email protected]
    admin-c: CH93-AP
    tech-c: CH93-AP
    nic-hdl: AC1573-AP
    remarks: Generated from irt object IRT-CHINANET-CN
    remarks: [email protected] was validated on 2024-10-17
    abuse-mailbox: [email protected]
    mnt-by: APNIC-ABUSE
    last-modified: 2024-10-17T03:11:15Z
    source: APNIC

    person: Hongbiao Zhang
    nic-hdl: HZ149-AP
    e-mail: [email protected]
    address: 97# Zhongyuan Street, Zhengzhou City, China
    phone: +86 371 65310018
    fax-no: +86 371 65310015
    country: CN
    mnt-by: MAINT-CHINANET-HA
    last-modified: 2008-09-04T07:29:40Z
    source: APNIC
- references: https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 5 years ago · Last seen 1 month ago
Appeared in 24 threat reports