IOC Radar
IPMediumSignal 100/100

218.92.0.215

Location
ChinaChina
Nanjing, JS
ASN
AS4134
CHINANET jiangsu province network
First Seen
Jun 27, 2020
Last Seen
Apr 2, 2026
Jun 27
First Seen
2175d ago
Apr 2
Last Seen
70d ago
25
Reports
source reports
99%
Confidence
medium
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

49 techniques

Network Information

CountryCNChina
RegionNanjing, JS
ASNAS4134
OrganizationCHINANET jiangsu province network

Feed Intelligence Summary

25 reports99% confidence
25
Source reports
99%
Confidence score
Category tags
abuseaccessaccess controlactive scanactive scanningasiaatif feedattackaustraliaauthenticationauthentication abuseauthentication attackauto-generated securitybad reputationbanlist feedbinary defensebotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptscentoscertchinacisco devicecncommand and controlcommunication protocolcompromised credentialsconnectcowriecowrie honeypotcowrie honeypot datacredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredecoy systemdevice managementdistributed attacksdrive-by compromiseemailenergyenterprise networkingexecutable fileexploitexploitation activityexploitation attemptsexternal remote servicesfailedfailed authenticationfileftpgithubgroupshackinghoneytrap honeypotidentity & access exploitationindicatorinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityipv4jslamplamp attacklateral movementlogin attacklogin attemptmailoney attackmailoney honeypotmalicious activitymalicious payloadmalicious softwaremalwaremanualmysqlnetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnginxnorth americaoceaniaopensshpassword attackpassword attacksphishingphishing attackphishing trapprocess injectionprotocol exploitationpythonransomwarereconnaissanceremote accessremote service exploitationremote service interactionremote servicesresearchedresource developmentscanscannerscanning activityscriptsecurity operationssecurity policyserverservice scansftpsftp attacksftp exploit attemptslugsmtpsocial engineeringsocradar honeypotsourcesshssh attackssh monitoringsurface webt1005t1018t1021t1021.004t1040t1041t1046t1047t1053.005t1055t1059t1059.004t1068t1071.001t1078t1078.001t1078.002t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195.002t1203t1486t1496t1499.001t1499.002t1499.003t1550t1550.002t1565t1566.001t1566.002t1566.003t1566.004t1583t1587.001t1589t1589.002t1590.001t1595t1595.001t1595.002t1595.003tannertelecommunicationstelnet threattextthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotceturkeyubuntuunauthorized accessunauthorized access attemptunauthorized loginunited statesuploadvalid accountsvoipvulnerabilityvulnerability scanweb server attackszabbix

Activity Timeline

1 total obs
Apr 2Apr 2

Threat Activity Heatmap

· Peak: 2026-04-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
25
Reports
First seenJun 27, 2020
Last seenApr 2, 2026
GeolocationCN
CountryChina
LocationNanjing, JS
ASNAS4134
OrgCHINANET jiangsu province network
Coords34.5952, 119.1664

VirusTotal

Not checked

WHOIS

description
2025-05-11T13:55:06.471Z Honeypot : Cowrie : Source: 218.92.0.215 Data: Connection lost after 0.2 seconds
raw
inetnum: 218.90.0.0 - 218.94.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP mnt-by: MAINT-CHINANET mnt-lower: MAINT-CHINANET-JS mnt-routes: maint-chinanet-js status: ALLOCATED non-PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC route: 218.92.0.0/16 descr: CHINANET jiangsu province network origin: AS4134 mnt-by: MAINT-CHINANET-JS last-modified: 2019-02-14T06:59:43Z source: APNIC
references
https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://blacklist.3coresec.net/lists/et-open.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 6 years ago · Last seen 2 months ago
Appeared in 25 threat reports