IOC Radar
IPMediumSignal 36/100

111.113.88.201

Location
ChinaChina
Yinchuan, NX
ASN
AS4134
Chinanet NX
First Seen
Mar 24, 2024
Last Seen
May 10, 2026
Mar 24
First Seen
813d ago
May 10
Last Seen
37d ago
9
Reports
source reports
36%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryCNChina
RegionYinchuan, NX
ASNAS4134
OrganizationChinanet NX

Feed Intelligence Summary

9 reports36% confidence
9
Source reports
36%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney honeypotasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptschinacisco devicecisco device targetingcncommand and controlcommunication protocolcowriecowrie honeypotcowrie ssh honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedevice managementdionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailenterprise networkingexploitation activityexploited hostftpftp brute forcegithubgroupshackinghoneytrap honeypothttp brute forcehttp scanneridentity & access exploitationindicatorinitial accessinjection activityiot securitylamplamp exploitation attemptslamp server attacklamp stack targetingmailoney honeypotmalicious activitymalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturemalware hostingnetworknetwork attacksnetwork infrastructurenetwork intrusion attemptsnetwork protocolnetwork scanningnetwork securitypassword attackpassword attacksphishingphishing attackphishing trappossible botnet activitypossible exploit attemptpotential exploit activityprocess injectionpythonransomwarereconnaissanceresearchedresource hijackingscannerscanning activityscriptsentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsocial engineeringsshssh attackssh monitoringsurface webt1021t1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunauthorized accessunauthorized loginvoipvoip attackvulnerability scanweb app attackweb application attackweb exploitationweb traffic

Activity Timeline

1 total obs
May 10May 10

Threat Activity Heatmap

· Peak: 2026-05-10
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
36
SIGNAL
Signal Score
36%
Confidence
9
Reports
First seenMar 24, 2024
Last seenMay 10, 2026
GeolocationCN
CountryChina
LocationYinchuan, NX
ASNAS4134
OrgChinanet NX
Coords38.4736, 106.2662

VirusTotal

Not checked

WHOIS

description
2025-02-07T08:16:58.798Z Honeypot : ElasticPot : Source: 111.113.88.201 : Port: 9200 Event Type: Scan
raw
inetnum: 111.112.0.0 - 111.113.255.255 netname: CHINANET-NX descr: CHINANET ningxia province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: ZL127-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-NINGXIA mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:23Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: zhaolong li address: 44 jiefangdong street,ningxia,750001, address: china country: CN phone: +86-951-6018000 fax-no: +86-951-6019000 e-mail: [email protected] nic-hdl: ZL127-AP mnt-by: MAINT-NEW last-modified: 2008-09-04T07:30:24Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 9 threat reports