IPMediumSignal 78/100
221.15.92.228
Location
ChinaZhengzhou, HA
ASN
AS4837
CNC Group CHINA169 Henan Province Network
First Seen
Apr 16, 2026
Last Seen
Apr 21, 2026
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
78%
Signal Score
78 / 100
IDS Rule
No
Threat Context
Tags
Network Information
CountryChina
ChinaRegionZhengzhou, HA
ASNAS4837
OrganizationCNC Group CHINA169 Henan Province Network
Feed Intelligence Summary
5 reports78% confidence
5
Source reports
78%
Confidence score
Category tags
active scanasiabrute forcebruteforcechinacowriedionaeafattindicatornetworkp0fphishingresearchedscannersensor-taggedsshtannertelnettpot
Activity Timeline
Apr 21Apr 21
Threat Activity Heatmap
· Peak: 2026-04-21LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address, signals a significant and potential threat to organizational security. With a high score of 78.03 and an unwhitelisted status, this IP address is strongly associated with malicious activities observed on honeypots, specifically linked to SSH and Telnet attack attempts. Its presence indicates potential reconnaissance or brute-force campaigns targeting network services, which could lead to unauthorized access, system compromise, or data breaches…
Threat ScoreHigh Risk
78
SIGNAL
Signal Score
78%
Confidence
5
Reports
First seenApr 16, 2026
Last seenApr 21, 2026
GeolocationCN
CountryChina
LocationZhengzhou, HA
ASNAS4837
OrgCNC Group CHINA169 Henan Province Network
Coords32.1188, 114.0623
VirusTotal
Not checked
WHOIS
- description
- Observed authentication attempts via telnet against Cowrie/Heralding honeypots in Australia. Total events observed: 30. Sensors involved: Cowrie. Target ports: 23. Source country: CN. ASN(s): 4837. Organisation(s): CHINA UNICOM China169 Backbone.
- raw
- inetnum: 221.13.128.0 - 221.15.255.255 netname: UNICOM-HA descr: China Unicom Henan Province Network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: WW444-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: This object can only be modified by APNIC hostmaster remarks: If you wish to modify this object details please remarks: send email to [email protected] with your organisation remarks: account name in the subject line. mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-HA mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2023-10-21T03:35:17Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-10-17 mnt-by: MAINT-CNCGROUP last-modified: 2025-11-18T00:26:20Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-10-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-10-17T02:26:56Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: Wei Wang nic-hdl: WW444-AP e-mail: [email protected] address: #55 San Quan Road, Zhengzhou, Henan Provice phone: +86-371-65952358 fax-no: +86-371-65968952 country: CN mnt-by: MAINT-CNCGROUP-HA last-modified: 2010-03-05T08:20:01Z source: APNIC route: 221.14.0.0/15 descr: CNC Group CHINA169 Henan Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 months ago · Last seen 2 months ago
Appeared in 5 threat reports