IOC Radar
IPMediumSignal 40/100

111.113.88.222

Location
ChinaChina
Yinchuan, Ningxia Huizu
ASN
AS4134
Chinanet NX
First Seen
Jan 23, 2024
Last Seen
Jun 18, 2026
Jan 23
First Seen
882d ago
Jun 18
Last Seen
6d ago
10
Reports
source reports
40%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryCNChina
RegionYinchuan, Ningxia Huizu
ASNAS4134
OrganizationChinanet NX

Feed Intelligence Summary

10 reports40% confidence
10
Source reports
40%
Confidence score
Category tags
accessactive scanactive scanningadbhoney honeypotaptasiaattackauto-generated securitybad web botblog spambotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcechinacncommand and controlcommunication protocolcowriecowrie honeypotcowrie ssh honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdatabase securityddosddos attackdecoy systemdenial of servicedionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailexploitation activityexploited hostfraud voipftpftp brute forceftp brute-forcegithubgroupshackinghoneytrap honeypothttp scannerindicatorinitial accessinjection activityiot securityiot targetedlamplamp exploitation attemptslamp server attacklamp stack targetingmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware hostingnetworknetwork attacksnetwork intrusion attemptsnetwork protocolnetwork scanningnetwork securitypassword attackpassword attacksphishingphishing attackphishing trapping of deathprocess injectionpythonreconnaissanceresearchedresource hijackingscannerscanning activityscriptsentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsocial engineeringsql injectionsshssh attackssh monitoringsurface webt1021t1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationsthreat actorthreat detectionthreat intelligenceunauthorized loginvoipvoip attackweb app attackweb application attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
Jun 18Jun 18

Threat Activity Heatmap

· Peak: 2026-06-18
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
40
SIGNAL
Signal Score
40%
Confidence
10
Reports
First seenJan 23, 2024
Last seenJun 18, 2026
GeolocationCN
CountryChina
LocationYinchuan, Ningxia Huizu
ASNAS4134
OrgChinanet NX
Coords38.4682, 106.2726

VirusTotal

Not checked

WHOIS

description
Global Threat Feed. 14,000+ Verified targets. Archive Ref: 2026-06-04
raw
inetnum: 111.112.0.0 - 111.113.255.255 netname: CHINANET-NX descr: CHINANET ningxia province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: ZL127-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-NINGXIA mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:23Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: zhaolong li address: 44 jiefangdong street,ningxia,750001, address: china country: CN phone: +86-951-6018000 fax-no: +86-951-6019000 e-mail: [email protected] nic-hdl: ZL127-AP mnt-by: MAINT-NEW last-modified: 2008-09-04T07:30:24Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 6 days ago
Appeared in 10 threat reports