IOC Radar
IPMediumSignal 42/100

221.207.35.38

Location
ChinaChina
Xining, QH
ASN
AS4837
CNC Group CHINA169 Qinghai Province Network
First Seen
Mar 7, 2024
Last Seen
May 31, 2026
Mar 7
First Seen
842d ago
May 31
Last Seen
26d ago
11
Reports
source reports
42%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryCNChina
RegionXining, QH
ASNAS4837
OrganizationCNC Group CHINA169 Qinghai Province Network

Feed Intelligence Summary

11 reports42% confidence
11
Source reports
42%
Confidence score
Category tags
abuseactive scanactive scanningapplication layer protocolaptasiaattackaustraliabad reputationbad web botblog spambotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcechinacisco devicecisco exploitation attemptscivil servicescncommand and controlcommand injectioncommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea honeypotdistributed attacksdnsdns attackelasticpot honeypotelasticsearch monitoringemailenterprise networkingexploitexploit: web applicationexploitationexploitation activityexploited hostfattftpftp brute forcegovernment technologyhackinghoneytrap datahoneytrap honeypothttp brute forcehttp request anomalieshttp scannerhttp scanningidentity & access exploitationindicatorinformation technologyinitial accessinjection activityintrusion detectioniociot securityit infrastructurelamplamp stack attacklamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious network activitymalicious softwaremalwaremalware behaviourmalware capturemalware detectionnetworknetwork infrastructurenetwork intrusion attemptsnetwork reconnaissancenetwork scanningnetwork securityoceaniap0fpassword attacksphishingphishing attackphishing trappossible mirai variantpotential malware distributionprocess injectionprotocol exploitationpublic administrationpublic infrastructurepublic policyreconnaissanceregulatory agenciesremote access attemptsresearchedresource hijackingscannerscanning activityscripting attackssensor-taggedsentrypeer botnetsentrypeer detectionservice scansftpsftp activitysftp attacksip scanningsmtpsmtp brute forcesmtp probingsocial engineeringsoftware developmentspamsshssh attackssh monitoringsurface webt-pott1021t1021.001t1040t1041t1046t1055t1059t1059.004t1059.007t1071t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanvoipvoip attackvulnerability scanvulnerability-exploitationweb app attackweb application attackweb attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 31May 31

Threat Activity Heatmap

· Peak: 2026-05-31
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
42
SIGNAL
Signal Score
42%
Confidence
11
Reports
First seenMar 7, 2024
Last seenMay 31, 2026
GeolocationCN
CountryChina
LocationXining, QH
ASNAS4837
OrgCNC Group CHINA169 Qinghai Province Network
Coords36.6268, 101.7548

VirusTotal

Not checked

WHOIS

description
Unknown source type: honeyaml
raw
inetnum: 221.207.0.0 - 221.207.63.255 netname: UNICOM-QH descr: China Unicom QingHai province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: CH1302-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: This object can only be modified by APNIC hostmaster remarks: If you wish to modify this object details please remarks: send email to [email protected] with your organisation remarks: account name in the subject line. mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-QH mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2023-10-21T03:39:18Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC route: 221.207.0.0/18 descr: CNC Group CHINA169 Qinghai Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 26 days ago
Appeared in 11 threat reports