IOC Radar
IP · Medium · Signal 41/100

220.167.232.103

Location: Xining, QH, China
ASN: AS140061 (Chinanet QH)
First Seen: Jan 28, 2024 (868d ago)
Last Seen: May 31, 2026 (14d ago)
Reports: 10 source reports
Confidence: 41% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 41%
Signal Score: 41 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 36 techniques


Activity Timeline

1 total observation: May 31

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents an IPv4 address identified with a significant threat score of 40.53 and is not whitelisted, signaling its likely involvement in malicious activities. Its presence in various threat intelligence feeds, including AbuseIPDB, AlienVault OTX, and multiple blacklists, underscores its persistent and widespread reputation as a source of hostile network traffic. Analysis suggests this IP address is associated with a broad range of attack patterns, including n…

Threat Score: 41 (Medium Risk)
Signal Score: 41
Confidence: 41%
Reports: 10
First seen: Jan 28, 2024
Last seen: May 31, 2026
Geolocation: CN, China, Xining, QH
ASN: AS140061 (Chinanet QH)
Coords: 36.6268, 101.7548

VirusTotal

Not checked

WHOIS

description:
2025-04-15T05:26:59.283Z Honeypot : ConPot : Source: 220.167.232.103 : Port: 161 Data Type: snmp Event Type: SNMPv2 GetNext

raw:
inetnum: 220.167.128.0 - 220.167.255.255
netname: CHINANET-QH
descr: CHINANET QINGHAI province network
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: CL359-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-QH
status: allocated non-portable
last-modified: 2008-09-04T06:53:18Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: Changhai Liu
address: Yangste Road No.95,Xining,Qinghai
country: CN
phone: +86-971-8587993
fax-no: +86-971-8589332
e-mail: [email protected]
nic-hdl: CL359-AP
mnt-by: MAINT-NEW
last-modified: 2008-09-04T07:30:18Z
source: APNIC
references:
https://github.com/telekom-security/tpotce

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 14 days ago
Appeared in 10 threat reports