IOC Radar
IP · Medium · Signal 24/100

221.1.89.93

Location: Jinan, SD, China
ASN: AS4837 (CNC Group CHINA169 Shandong Province Network)
First Seen: Jan 31, 2025 (512d ago)
Last Seen: Apr 1, 2026 (87d ago)
Reports: 8 source reports
Confidence: 24% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 24%
Signal Score: 24 / 100
IDS Rule: No

MITRE ATT&CK TTPs

33 techniques

Network Information

Country: CN (China)
Region: Jinan, SD
ASN: AS4837
Organization: CNC Group CHINA169 Shandong Province Network

Feed Intelligence Summary

Source reports: 8
Confidence score: 24%
Category tags: abuse, active scan, active scanning, adbhoney honeypot, asia, attack, bad reputation, botnet, botnet activity, brute force, brute force ftp, brute force ssh, china, cn, command and control, communication protocol, cowrie, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, decoy system, dionaea, dionaea activity, dionaea honeypot, directory traversal, distributed attacks, email, exploit attempts, exploitation activity, ftp brute force, github, heralding activity, honeytrap activity, honeytrap honeypot, identity & access exploitation, indicator, injection activity, lamp, lamp exploitation attempts, mailoney activity, mailoney honeypot, malicious activity, malicious email activity, malicious software, malware, malware behaviour, malware capture, network, network scanning, network security, network service scanning, phishing, phishing attack, phishing trap, process injection, python, reconnaissance, researched, resource hijacking, sentrypeer activity, sentrypeer botnet, service scan, sftp, sftp activity, sftp attack, sip, sip brute force, sip scanning, slug, social engineering, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.001, t1021.002, t1021.004, t1021.006, t1021.007, t1040, t1041, t1055, t1059, t1059.004, t1068, t1071.001, t1078, t1110, t1110.001, t1110.002, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat detection, threat intelligence, tor node, voip, voip attack, web application attack

Activity Timeline

1 total obs (Apr 1 to Apr 1)

Threat Activity Heatmap

[Heatmap: activity by day of week, Jun through Jun]
Peak: 2026-04-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk (Signal Score 24)
Coords: 37.5307, 121.3946

VirusTotal

Not checked

WHOIS

description: 2025-02-13T04:06:13.520Z Honeypot : Adbhoney : EventID/src_ip/src_url: adbhoney.session.connect / 221.1.89.93

raw:

inetnum: 221.0.0.0 - 221.3.127.255
netname: UNICOM-SD
descr: China Unicom Shandong province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: XZ14-AP
abuse-c: AC1718-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-SD
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CU-CN
last-modified: 2025-01-22T13:20:23Z
source: APNIC

irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-02-24
mnt-by: MAINT-CNCGROUP
last-modified: 2025-02-24T06:16:57Z
source: APNIC

role: ABUSE CUCN
country: ZZ
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
phone: +000000000
e-mail: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
nic-hdl: AC1718-AP
remarks: Generated from irt object IRT-CU-CN
remarks: [email protected] was validated on 2025-02-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-02-24T06:17:45Z
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
mnt-by: MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
source: APNIC

person: XIAOFENG ZHANG
nic-hdl: XZ14-AP
e-mail: [email protected]
address: Jinan,Shandong P.R China
phone: +86-531-6666666
fax-no: +86-531-6666666
country: CN
mnt-by: MAINT-ZXF
last-modified: 2008-09-04T07:29:35Z
source: APNIC

route: 221.0.0.0/15
descr: CNC Group CHINA169 Shandong Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2008-09-04T07:54:44Z
source: APNIC

references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 8 threat reports