IP · Medium · Signal 63/100
222.89.138.40
Location
Guancheng, Henan
ASN
AS4134
Chinanet HA
First Seen
May 26, 2024
Last Seen
Jun 14, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Guancheng, Henan
ASN
AS4134
Organization
Chinanet HA
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
29 reports · 63% confidence
29
Source reports
63%
Confidence score
Category tags
abuse, abuseipdb, access control, account compromise, active scan, active scanning, aggressive-detection, apache, apache attacker, application layer protocol, apt, asia, attack, attack source ip, attacker-ip, attempted compromise, australia, authentication, authentication abuse, authentication attack, authentication attempts, auto-generated security, automated attack, automated threat, bad reputation, bad web bot, blocklist_all, botnet, botnet activity, botnet detection, brute force, brute force attack, brute force attacker, brute force attempt, brute-force, brute-force attack, brute_force, bruteforce, c2 communication, c2 detection, c2 server, china, cloud infrastructure, cloud infrastructure attack, cloud services, cn, command & control, command and control, communication protocol, compromised host, compromised hosts, connection-reset, cowrie honeypot, credential access, credential attack, credential harvesting, credential stuffing, credential_access, cta, data exfiltration, data store exposure, data theft, database attack, database security, ddos, ddos attack, decoy system, denial of service, dionaea honeypot, distributed attacks, europe, exploit, exploitation activity, exploited host, external threat, fail2ban detected, fail2ban triggered, failed login, failed login attempts, fatt, finland, france, ftp brute force, ftp brute-force, game_server, germany, hacking, honeynet connect, honeytrap honeypot, hong kong, http brute force, identity & access exploitation, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, injection attacks, internet facing systems, intrusion detection, ioc, iot security, iot targeted, ipv4 addresses, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, lateral movement, lcia, login attempt, login brute-force, low-risk, mail, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, malware delivery, malware distribution, malware filter, manual, mod security, network, network anomalies, network attacks, network enumeration, network intrusion, network intrusion attempts, network layer protocol, network probing, network protocol, network scan, network scanning, network security, network service scanning, network traffic analysis, north america, notice, oceania, opencti, osint, p0f, password attack, password attacks, phishing, phishing attack, phishing trap, ping of death, poland, process injection, protocol exploitation, protocol-probing, proxy, ransomware, reconnaissance, remote access, remote login, remote services, researched, resource hijacking, rule based detection, scanner, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, service scan, sftp attack, sftp exploitation attempts, singapore, smb brute force, smtp brute force, social engineering, socradar honeypot, software development, spam, ssh, ssh attack, ssh monitoring, staging_server, t-pot, t1003, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1588.004, t1589, t1589.002, t1590.001, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp scan, unauthorized access, unauthorized access attempt, united kingdom, united states, valid accounts, voip attack, vpn, vpn ip, vps, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web attack, web exploitation, web spam
Activity Timeline
Jun 14
Threat Activity Heatmap
Peak: 2026-06-14
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
63
SIGNAL
Signal Score
63%
Confidence
29
Reports
First seen
May 26, 2024
Last seen
Jun 14, 2026
Geolocation
CN
Country
China
Location
Guancheng, Henan
ASN
AS4134
Org
Chinanet HA
Coords
34.7657, 113.7530
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- timestamp=2026-05-13 23:30:01,519 CC=CN ASN=4134 Chinanet latitude=34.7732 longitude=113.722
- raw
- inetnum: 222.88.0.0 - 222.89.255.255
  netname: CHINANET-HA
  descr: CHINANET henan province network
  descr: China Telecom
  descr: No.31,jingrong street
  descr: Beijing 100032
  country: CN
  admin-c: HZ149-AP
  tech-c: CH93-AP
  abuse-c: AC1573-AP
  status: ALLOCATED PORTABLE
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CHINANET-HA
  mnt-routes: MAINT-CHINANET-HA
  mnt-irt: IRT-CHINANET-CN
  last-modified: 2021-06-15T08:04:49Z
  source: APNIC

  irt: IRT-CHINANET-CN
  address: No.31 ,jingrong street,beijing
  address: 100032
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-04-24
  mnt-by: MAINT-CHINANET
  last-modified: 2025-04-24T03:21:26Z
  source: APNIC

  role: ABUSE CHINANETCN
  country: ZZ
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH93-AP
  tech-c: CH93-AP
  nic-hdl: AC1573-AP
  remarks: Generated from irt object IRT-CHINANET-CN
  remarks: [email protected] was validated on 2025-04-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-04-24T03:21:54Z
  source: APNIC

  person: Chinanet Hostmaster
  nic-hdl: CH93-AP
  e-mail: [email protected]
  address: No.31 ,jingrong street,beijing
  address: 100032
  phone: +86-10-58501724
  fax-no: +86-10-58501724
  country: CN
  mnt-by: MAINT-CHINANET
  last-modified: 2022-02-28T06:53:44Z
  source: APNIC

  person: Hongbiao Zhang
  nic-hdl: HZ149-AP
  e-mail: [email protected]
  address: 97# Zhongyuan Street, Zhengzhou City, China
  phone: +86 371 65310018
  fax-no: +86 371 65310015
  country: CN
  mnt-by: MAINT-CHINANET-HA
  last-modified: 2008-09-04T07:29:40Z
  source: APNIC
- references
- https://purplesynapz.com/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 2 years ago · Last seen 8 days ago
Appeared in 29 threat reports