IOC Radar
IP | Medium | Signal 47/100

222.74.198.58

Location: China (Xilinhot, Inner Mongolia)
ASN: AS4134 (Chinanet NM)
First Seen: Nov 30, 2024 (560d ago)
Last Seen: May 31, 2026 (13d ago)
Reports: 12 source reports
Confidence: 47% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 47%
Signal Score: 47 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: CN (China)
Region: Xilinhot, Inner Mongolia
ASN: AS4134
Organization: Chinanet NM

Feed Intelligence Summary

12 source reports, 47% confidence score

Category tags: abuse, access control, account compromise, active scan, active scanning, apt, asia, attack, australia, authentication attacks, auto-generated security, automated attacks, bad reputation, bad web bot, botnet, botnet activity, botnet communication, brute force, brute force attack, brute force attacks, brute-force, c2 activity, china, cisco device, cloud infrastructure, cloud infrastructure attack, cloud services, cn, command & control, command and control, communication protocol, cowrie, cowrie honeypot, credential access, credential guessing, credential stuffing, data exfiltration, data store exposure, database attack, ddos, decoy system, denial of service, device management, dionaea, dionaea honeypot, enterprise networking, exploitation activity, exploited host, fatt, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, indicator, lamp, lateral movement, mailoney honeypot, malicious activity, malware, malware behaviour, malware capture, malware distribution attempt, network, network discovery, network infrastructure, network intrusion attempt, network intrusion attempts, network scanning, network security, oceania, opencti, p0f, password attacks, phishing, phishing attack, phishing trap, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scanner, scanners, security policy, sensor-tagged, sentrypeer botnet, sftp attack, smtp, smtp brute force, ssh, ssh attack, ssh monitoring, system access, system discovery, t1018, t1021, t1021.001, t1040, t1041, t1046, t1053, t1056, t1059, t1065, t1068, t1071, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1496, t1499.001, t1499.002, t1563, t1566, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp scan, voip, voip attack, web app attack, web application attack, web exploit, web exploitation, web traffic

Activity Timeline

1 total obs (May 31 to May 31)

Threat Activity Heatmap

[Heatmap: activity by weekday over the months Jun through Jun. Peak: 2026-05-31]

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Coords: 43.9335, 116.0480

VirusTotal

Not checked

WHOIS

Description: Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded. geo=CN; ports=5985 Location=Sydney, Australia.

Raw:

inetnum: 222.74.0.0 - 222.74.255.255
netname: CHINANET-NM
descr: CHINANET neimeng province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CY690-AP
tech-c: CH93-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-NM
mnt-routes: MAINT-CHINANET-NM
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:04:55Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: Cao Yong Gang
nic-hdl: CY690-AP
e-mail: [email protected]
address: the 8th floorses of Postal service mansion,Train station east street,Huhhot,010020
phone: +86-471-3386960
fax-no: +86-471-3380003
country: CN
mnt-by: MAINT-CHINANET-NM
last-modified: 2021-05-06T02:10:03Z
source: APNIC

IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 12 threat reports