IP · Medium · Signal 66/100
121.229.191.90
Location: Nanjing, Jiangsu
ASN: AS134756 (Chinanet JS)
First Seen: Mar 6, 2024
Last Seen: Jun 20, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
Network Information
Country: China
Region: Nanjing, Jiangsu
ASN: AS134756
Organization: Chinanet JS
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
Source reports: 30
Confidence score: 66%
Category tags
Activity Timeline: Jun 20
Threat Activity Heatmap · Peak: 2026-06-20
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 30
First seen: Mar 6, 2024
Last seen: Jun 20, 2026
Geolocation: CN
Country: China
Location: Nanjing, Jiangsu
ASN: AS134756
Org: Chinanet JS
Coords: 32.0607, 118.7630
Proxy
VirusTotal: Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw:

inetnum: 121.224.0.0 - 121.239.255.255
netname: CHINANET-JS
descr: CHINANET jiangsu province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: CJ186-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-JS
mnt-routes: MAINT-CHINANET-JS
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:09Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-11-13
mnt-by: MAINT-CHINANET
last-modified: 2026-03-13T07:12:20Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-11-13
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-11-13T14:15:15Z
source: APNIC

role: CHINANET JIANGSU
address: 260 Zhongyang Road,Nanjing 210037
country: CN
phone: +86-25-87799222
e-mail: [email protected]
remarks: send anti-spam reports [email protected]
remarks: send abuse reports [email protected]
remarks: times in GMT+8
remarks: www.jsinfo.net
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
nic-hdl: CJ186-AP
notify: [email protected]
mnt-by: MAINT-CHINANET-JS
last-modified: 2022-08-05T15:34:47Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC
IOC Journey
Medium · First detected 2 years ago · Last seen 6 days ago
Appeared in 30 threat reports