IP · Medium · Signal 63/100
221.229.219.42
Location
Nanjing, Jiangsu
ASN
AS4134
Chinanet JS
First Seen
Jan 9, 2025
Last Seen
May 11, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Nanjing, Jiangsu
ASN
AS4134
Organization
Chinanet JS
Feed Intelligence Summary
24 reports · 63% confidence
24
Source reports
63%
Confidence score
Category tags
Activity Timeline: May 11
Threat Activity Heatmap: peak 2026-05-11
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 24
First seen: Jan 9, 2025
Last seen: May 11, 2026
Geolocation: CN
Country: China
Location: Nanjing, Jiangsu
ASN: AS4134
Org: Chinanet JS
Coords: 32.0607, 118.7630
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=cowrie, fatt, p0f, suricata; threshold?1; private IPs excluded.
- raw
- inetnum: 221.224.0.0 - 221.231.255.255
  netname: CHINANET-JS
  descr: CHINANET jiangsu province network
  descr: China Telecom
  descr: A12,Xin-Jie-Kou-Wai Street
  descr: Beijing 100088
  country: CN
  admin-c: CH93-AP
  tech-c: CJ186-AP
  abuse-c: AC1573-AP
  status: ALLOCATED PORTABLE
  remarks: This object can only modify by APNIC hostmaster
  remarks: If you wish to modify this object details please
  remarks: send email to [email protected] with your
  remarks: organisation account name in the subject line.
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CHINANET-JS
  mnt-routes: MAINT-CHINANET-JS
  mnt-irt: IRT-CHINANET-CN
  last-modified: 2021-06-15T08:06:37Z
  source: APNIC

  irt: IRT-CHINANET-CN
  address: No.31 ,jingrong street,beijing
  address: 100032
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-04-24
  mnt-by: MAINT-CHINANET
  last-modified: 2025-04-24T03:21:26Z
  source: APNIC

  role: ABUSE CHINANETCN
  country: ZZ
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  nic-hdl: AC1573-AP
  remarks: Generated from irt object IRT-CHINANET-CN
  remarks: [email protected] was validated on 2025-04-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-04-24T03:21:54Z
  source: APNIC

  role: CHINANET JIANGSU
  address: 260 Zhongyang Road,Nanjing 210037
  country: CN
  phone: +86-25-87799222
  e-mail: [email protected]
  remarks: send anti-spam reports [email protected]
  remarks: send abuse reports [email protected]
  remarks: times in GMT+8
  remarks: www.jsinfo.net
  admin-c: CH360-AP
  tech-c: CS306-AP
  tech-c: CN142-AP
  nic-hdl: CJ186-AP
  notify: [email protected]
  mnt-by: MAINT-CHINANET-JS
  last-modified: 2022-08-05T15:34:47Z
  source: APNIC

  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 24 threat reports