IOC Radar
IPMediumSignal 74/100

1.85.219.132

Location
ChinaChina
Xincheng, SN
ASN
AS4134
Chinanet SN
First Seen
May 3, 2021
Last Seen
May 29, 2026
May 3
First Seen
1867d ago
May 29
Last Seen
14d ago
8
Reports
source reports
74%
Confidence
medium
1/91
VirusTotal
detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Network Information

CountryCNChina
RegionXincheng, SN
ASNAS4134
OrganizationChinanet SN

Feed Intelligence Summary

8 reports74% confidence
8
Source reports
74%
Confidence score
Category tags
abuseactive scanactive scanningasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptschinacisco devicecisco exploitation attemptscncommand and controlcommunication protocolcompromised credentialsconpotconpot honeypotcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredecoy systemdevice managementdionaeadionaea honeypotdistributed attacksemailenterprise networkingexploit kit activityexploitationexploitation activityexploited hostftp brute forcegithubhackinghoneytrap datahoneytrap honeypotics securityidentity & access exploitationindicatorindustrial control systemsinjection activityintrusion detectioniot securityiot/ics attacklamplamp server targetinglamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious loginmalicious script executionmalicious softwaremalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork scanningnetwork securitypassword attacksphishingphishing attackphishing trapprocess injectionpythonreconnaissanceresearchedresource hijackingscannersentrypeer botnetsentrypeer detectionsftpsftp access attemptsftp attacksip scanningslugsocial engineeringsshssh attackssh monitoringsurface webt1021t1040t1041t1046t1053t1055t1059t1059.004t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1486t1496t1499.001t1499.002t1499.003t1550t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertelecommunicationsthreat actorthreat detectionthreat intelligencethreat-intelligencetor nodetpotunauthorized accessunauthorized access attemptunauthorized login attemptvoipvoip attackweb app attack

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
74
SIGNAL
Signal Score
74%
Confidence
8
Reports
First seenMay 3, 2021
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationXincheng, SN
ASNAS4134
OrgChinanet SN
Coords34.2635, 108.9246

VirusTotal

1/ 91vendors flagged
1% detection rateJun 8, 2026

WHOIS

description
Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare. 1.85.219.132 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).
raw
inetnum: 1.80.0.0 - 1.87.255.255 netname: CHINANET-SN descr: CHINANET SHAANXI PROVINCE NETWORK descr: China Telecom descr: No.56,gaoxin street descr: Beijing 100032 country: CN admin-c: XC9-AP tech-c: XC9-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-SHAANXI mnt-routes: MAINT-CHINANET-SHAANXI mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:04:55Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2024-10-17 mnt-by: MAINT-CHINANET last-modified: 2024-10-17T03:10:56Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2024-10-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-10-17T03:11:15Z source: APNIC person: Xianghong Cao address: Shanxi provice data communication Bureau address: 185# zhuque Road address: Xi'an city, Shanxi provice 710061 country: CN phone: +8629-523-3633 fax-no: +8629-522-8093 e-mail: [email protected] nic-hdl: XC9-AP mnt-by: MAINT-CHINANET last-modified: 2017-03-17T01:44:04Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 14 days ago
Appeared in 8 threat reports