IOC Radar
IPMediumSignal 31/100

42.92.121.117

Location
ChinaChina
Zhangyelu, GS
ASN
AS4134
Chinanet GS
First Seen
Feb 4, 2024
Last Seen
Apr 27, 2026
Feb 4
First Seen
860d ago
Apr 27
Last Seen
46d ago
9
Reports
source reports
31%
Confidence
medium
2/91
VirusTotal
detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryCNChina
RegionZhangyelu, GS
ASNAS4134
OrganizationChinanet GS

Feed Intelligence Summary

9 reports31% confidence
9
Source reports
31%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney honeypotasiaattackauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attemptschinacisco devicecisco device targetingcncommand and controlcommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securitydecoy systemdevice managementdionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailenterprise networkingexploitation activityftp brute forcegithubgroupshackinghoneytrap honeypothttp brute forceidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activityiot securitylamplamp exploitation attemptslamp stack targetingmailoney honeypotmalicious activitymalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturemalware hostingmanualnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securityphishingphishing attackphishing trappossible botnet activitypossible exploit attemptpotential exploit activityprocess injectionpythonransomwarereconnaissanceresearchedresource hijackingscannerscanning activityscriptsentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsocial engineeringsshssh attackssh monitoringsurface webt1021t1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071.001t1078t1110t1110.002t1133t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1590.001t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunauthorized accessvoipvoip attackvulnerability scan

Activity Timeline

1 total obs
Apr 27Apr 27

Threat Activity Heatmap

· Peak: 2026-04-27
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
31
SIGNAL
Signal Score
31%
Confidence
9
Reports
First seenFeb 4, 2024
Last seenApr 27, 2026
GeolocationCN
CountryChina
LocationZhangyelu, GS
ASNAS4134
OrgChinanet GS
Coords38.9266, 100.4480

VirusTotal

2/ 91vendors flagged
2% detection rateJun 8, 2026

WHOIS

description
2025-02-23T14:57:14.583Z Honeypot : ElasticPot : Source: 42.92.121.117 : Port: 9200 Event Type: Scan
raw
inetnum: 42.88.0.0 - 42.95.255.255 netname: CHINANET-GS descr: CHINANET Gansu province network descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: YZ37-AP tech-c: YZ37-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-GS mnt-routes: MAINT-CHINANET-GS mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:06Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Yang Zhanrong address: CHINA,LANZHOU,No.405 Pingliang Road country: CN phone: +86-931-8395823 e-mail: [email protected] nic-hdl: YZ37-AP mnt-by: MAINT-CHINANET-GS last-modified: 2020-03-12T07:56:08Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 9 threat reports