IOC Radar
IPMediumSignal 42/100

101.227.52.235

Location
ChinaChina
Shanghai, Shanghai
ASN
AS4811
Chinanet SH
First Seen
Feb 20, 2025
Last Seen
Mar 28, 2026
Feb 20
First Seen
488d ago
Mar 28
Last Seen
87d ago
13
Reports
source reports
42%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

49 techniques

Network Information

CountryCNChina
RegionShanghai, Shanghai
ASNAS4811
OrganizationChinanet SH

Feed Intelligence Summary

13 reports42% confidence
13
Source reports
42%
Confidence score
Category tags
abuseaccessactionactive scanactive scanningadbhoney honeypotasiaattachment phishingattackautomated emailbad reputationbad web botbase64base64 encodingbecblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbulk emailchinacncommand and controlcommunication protocolcompromise attemptconfigconnectcowriecowrie detectedcowrie honeypotcredential accesscredential harvestingcredential phishingcredential stuffingcssctadata exfiltrationdata store exposuredatabase enumerationdatabase securityddosdecoy systemdenial of servicedictionary attackdionaeadionaea detecteddionaea honeypotdistributed attackselasticpot detectedelasticpot honeypotelasticsearch monitoringemailexecutable fileexploitexploit attemptexploit attemptsexploitation activityftpftp brute forcegithubgroupshoneytrap honeypotidentity & access exploitationindicatorinfoinjection activityiot securitylamplinuxmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork activitynetwork intrusion attemptsnetwork probingnetwork scanningnetwork securitypasswordpassword attackpassword attackspassword theftpayment fraudphishingphishing attackphishing campaignphishing trappingpossible malicious activityprice requestprice request scamprocess injectionpythonreconnaissanceredis honeypotredishoneypotresearchedresource hijackingscams & fraudscannerschedule themescheduled task abusescriptsentrypeer botnetserversftpsftp attacksftp attemptsipsip brute forcesip scanningslugsocial engineeringspamsshssh attackssh monitoringsurface webt1003t1003.001t1016t1018t1021t1040t1041t1046t1055t1059t1059.004t1068t1071t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1192t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566t1566.001t1566.002t1566.003t1566.004t1588t1589t1595t1595.001t1595.002t1595.003t1598t1598.003tannertanner detectedtargeting databasetariff server compromisetariff server themetariffs servertelecommunicationsthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized accessvoipvoip attackweb application attackweb exploitationweb spamwetransfer abuse

Activity Timeline

1 total obs
Mar 28Mar 28

Threat Activity Heatmap

· Peak: 2026-03-28
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
42
SIGNAL
Signal Score
42%
Confidence
13
Reports
First seenFeb 20, 2025
Last seenMar 28, 2026
GeolocationCN
CountryChina
LocationShanghai, Shanghai
ASNAS4811
OrgChinanet SH
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

raw
inetnum: 101.224.0.0 - 101.231.255.255 netname: CHINANET-SH descr: CHINANET SHANGHAI PROVINCE NETWORK descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: WWQ4-AP tech-c: WWQ4-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-SH mnt-routes: MAINT-CHINANET-SH mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:08Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Weng Wen Qian address: Room 2405,357 Songlin Road,Shanghai 200122 country: CN phone: +86-21-68405784 fax-no: +86-21-50623458 e-mail: [email protected] nic-hdl: WWQ4-AP mnt-by: MAINT-CHINANET-SH last-modified: 2023-02-07T08:25:17Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports