IOC Radar
IPMediumSignal 48/100

221.10.10.20

Location
ChinaChina
Chengdu, ZJ
ASN
AS4837
CNC Group CHINA169 Sichuan Province Network
First Seen
Feb 23, 2021
Last Seen
Apr 15, 2026
Feb 23
First Seen
1943d ago
Apr 15
Last Seen
65d ago
29
Reports
source reports
48%
Confidence
medium
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Network Information

CountryCNChina
RegionChengdu, ZJ
ASNAS4837
OrganizationCNC Group CHINA169 Sichuan Province Network

Feed Intelligence Summary

29 reports48% confidence
29
Source reports
48%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount accessaccount brute forceaccount enumerationactive scanactive scanningadresse ipaerospace & defenseagricultural supply chainagricultural technologyagriculture, forestry, fishing and huntingapacheapache attackeraptasiaatif feedattackauthenticationauto-generated securityautomotive manufacturingazureazure adbad reputationbankingbanlist feedbelgiumbinary defenseblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-forcebrute-force attackc2 communicationc2 serverchinacivil servicescloud infrastructurecncommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostscredential accesscredential harvestingcredential stuffingcredit card servicescrop productionctadata exfiltrationdata store exposuredata theftddosddos attackdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedistributed attackselectronics manufacturingentra ideuropeexploitationexploitation activityexploited hostfailed authenticationfarmingfinancefinancial servicesfinancial technologyfinlandfinland activityfood productionfrancefraud voipftp brute forcegermanygovernment technologyhackingheng technologyholdinghoneynet connecthonk gonkhttp brute forceidentity & access exploitationimapimap brute forceindicatorindustrial automationindustrial iotindustrial productioninformation technologyinfrastructure acquisitionreconnaissanceinjection activityiociot securityiranit infrastructurejsc ertelecomjsc ertelecom holdinglateral movementlivestock managementlogin attacklogin attemptlogin attemptslogin brute forcemajoritmalaysiamalicious activitymalicious hostmalicious softwaremalwaremalware distributionmanualmanufacturing technologymicrosoft entra idmilitary operationsmultiple accountsmultiple usersnational securitynetworknetwork attacksnetwork brute forcenetwork enumerationnetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnextraynorth americaopenctipassword attackpassword attackspassword crackingpayment processingpaysphishingphishing attackpolandpop3 brute forceprecision agricultureprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlreconnaissanceregulatory agenciesremote accessremote servicesresearchedrtbhrusserussian ipsaslsasl brute forcescams & fraudscannerscannersscanning activitysecurity operationssecurity policyservice scansign-in logssmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringsoftware developmentspamssh attacksupply chain attacksupply chain managementsustainable agriculturet1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1046t1047t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1213t1486t1496t1499.001t1499.002t1499.003t1539t1555t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588.004t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003tcp attacktcp brute forcetcp protocoltcp scantelnet threatthreat actorthreat intelligencethreat preventiontor nodeudp scanunauthorized access attemptunited statesvietnamvulnerability scanwealth managementweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Apr 15Apr 15

Threat Activity Heatmap

· Peak: 2026-04-15
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
29
Reports
First seenFeb 23, 2021
Last seenApr 15, 2026
GeolocationCN
CountryChina
LocationChengdu, ZJ
ASNAS4837
OrgCNC Group CHINA169 Sichuan Province Network
Coords30.2994, 120.1612

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by Rimba Siber honeypot.
raw
inetnum: 221.10.0.0 - 221.10.255.255 netname: UNICOM-SC descr: China Unicom SiChuan province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: XX288-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-SC mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:11:17Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: Xifei Xie nic-hdl: XX288-AP e-mail: [email protected] address: Tianfu Road High-Tec international square C,Chengdu,Sichuan 610041,China phone: +86-28-66850327 fax-no: +86-28-66850327 country: CN mnt-by: MAINT-CNCGROUP-SC last-modified: 2010-12-27T03:36:01Z source: APNIC route: 221.10.0.0/16 descr: CNC Group CHINA169 Sichuan Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 2 months ago
Appeared in 29 threat reports