IOC Radar
IPMediumSignal 71/100

121.229.9.110

Location
ChinaChina
Nanjing, Jiangsu
ASN
AS4134
Chinanet JS
First Seen
Jan 19, 2025
Last Seen
Jun 4, 2026
Jan 19
First Seen
511d ago
Jun 4
Last Seen
10d ago
27
Reports
source reports
71%
Confidence
medium
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

64 techniques

Network Information

CountryCNChina
RegionNanjing, Jiangsu
ASNAS4134
OrganizationChinanet JS

Feed Intelligence Summary

27 reports71% confidence
27
Source reports
71%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningaggressive-detectionanomalous network connectionsapacheapache attackerapache attacksapache vulnerability scanningaptasiaatif feedattackaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication failuresauthentication_failuresautomated attackautomated attacksbad reputationbad web botbanlist feedbanner-grabbingbinary defenseblock listblock.txtblocklistblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute force attemptsbrute-forcbrute-forcebruteforcec2c2 communicationc2 serverchinachina mobilecisco devicecisco device attackcisco exploitation attemptcisco exploitation attemptscliftoncloud infrastructurecloud infrastructure attackcloud servicescncolumnscommand & controlcommand and controlcommunication protocolcommunity-sharedcompany limitedcompromise attemptcompromised credentialscompromised hostcompromised hostscompromised systemsconnection-resetcowriecowrie datacowrie honeypotcredential accesscredential harvestingcredential stuffingcredential-harvestingcredential_stuffingctadaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase securityddosddos attackdecoy systemdenial of servicedenial-of-service attemptdevice managementdictionary attackdigital oceandionaea activitydionaea honeypotdistributed attacksemerging threatsencryptionenterprise networkingenumerationenv-huntingeuropeexecutable fileexploitexploit probingexploitationexploitation activityexploitation attemptsexploited hostexternal remote servicesexternal_threatfail2ban blockedfail2ban blocked ipsfail2ban triggeredfailed loginfattfatt analysisfilefinlandfrancefraud voipftpftp attacksftp brute forceftp brute-forcegeoipgermanyhackinghk abusehandlerhoneynet connecthoneytrap activityhoneytrap honeypothong konghttp brute forcehttp request anomalieshttp scannerhttp scanninghttpshurricane usidentity & access exploitationindiaindicatorindonesiainfoinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityinjection attacksintrusion detectioniociot securityiot targetedipv4it infrastructurejapankill-chain exploitationkill-chain reconnaissancelamplamp server targetinglamp stacklateral movementlinux systemslogin attacklogin attemptlogin attemptslow-riskmailmailoney activitymailoney honeypotmalaysiamalicious activitymalicious file transfermalicious ip activitymalicious ip addressesmalicious payloadmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware deliverymalware distributionmanualmod securitymodsecurity alertsmodsecurity attacksnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnginxnorth americanoticeoceaniaopenctiosintosint enrichmentp0fp0f signaturespassword attackpassword attackspassword_guessingpgp signphishingphishing attackphishing trapping of deathpolandportscanpossible botnet activitypossible malware distributionpotential reconnaissanceprocess injectionprotocol exploitationprotocol-probingransomwarereconnaissancereconnaissance activityremote accessremote access attemptremote servicesremote_accessresearchresearchedresource hijackingscams & fraudscannerscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetservice scansftp attacksftp exploitation attemptssip attackssip brute forcesip scanningsmb brute forcesmtpsmtp attackssmtp brute forcesmtp scanningsocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh attacksssh brute-force activityssh monitoringssh-brutesuricata alertst1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1076t1077t1078t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1550.002t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner activitytcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat preventiontimeouttokyotop10.txttopips.txttor nodetpottpotceudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunited kingdomunited statesus abuseus nonevalid accountsvoipvoip attackvpsvulnerability scanvultrweb app attackweb application attackweb attacksweb brute forceweb exploitationweb spamweb trafficwordpress brute force

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
27
Reports
First seenJan 19, 2025
Last seenJun 4, 2026
GeolocationCN
CountryChina
LocationNanjing, Jiangsu
ASNAS4134
OrgChinanet JS
Coords32.0607, 118.7630

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
inetnum: 121.224.0.0 - 121.239.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-JS mnt-routes: MAINT-CHINANET-JS mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:09Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 27 threat reports