IOC Radar
IP · Medium · Signal 33/100

43.248.102.90

Location: China (Zhenjiang, Jiangsu)
ASN: AS56046 (Jiangsu Dongyun Cloud computing co., LTD)
First Seen: Dec 28, 2024 (532d ago)
Last Seen: May 10, 2026 (34d ago)
Reports: 12 source reports
Confidence: 33% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 33%
Signal Score: 33 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: CN (China)
Region: Zhenjiang, Jiangsu
ASN: AS56046
Organization: Jiangsu Dongyun Cloud computing co., LTD

Feed Intelligence Summary

Source reports: 12
Confidence score: 33%
Category tags
abuseaccessactive scanactive scanningadbhoney honeypotasiaatif feedattackauto-generated securitybad reputationbanlist feedbinary defensebotnetbotnet activitybrute forcechinacisco devicecncommand and controlcommunication protocolconnectcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredecoy systemdevice managementdionaeadionaea honeypotdistributed attacksemailenterprise networkingexploitation activityftp brute forcegroupshoneytrap honeypotidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinjection activitykazakhstankaznetlamplamp exploitation attemptsmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemanualnetworknetwork infrastructurenetwork scanningnetwork securitynorth americaphishingphishing attackphishing trappotential malware distributionprocess injectionprotocol exploitationreconnaissanceresearchedresource hijackingscannerscriptsentrypeer botnetsftpsftp attacksipsip brute forcesip scanningslugsmtp brute forcesocial engineeringsshssh attackssh monitoringsurface webt1016t1018t1021t1040t1041t1046t1053t1055t1059t1071.001t1078t1110t1110.002t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583t1587.001t1588t1590.001t1595t1595.001t1595.002t1595.003tcptelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodeunited statesvoipvoip attack

Activity Timeline

1 total obs · May 10

Threat Activity Heatmap

Peak: 2026-05-10
[Heatmap: activity by weekday (Mon, Wed, Fri rows) and month, Jun through Jun; legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 33
Confidence: 33%
Reports: 12
First seen: Dec 28, 2024
Last seen: May 10, 2026
Geolocation: CN
Country: China
Location: Zhenjiang, Jiangsu
ASN: AS56046
Org: Jiangsu Dongyun Cloud computing co., LTD
Coords: 34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description
2025-02-06T18:32:26.269Z Honeypot : Dionaea : Source: 43.248.102.90 : Port: 1433 Connection: {'transport': 'tcp', 'type': 'accept', 'protocol': 'mssqld'}
raw
inetnum: 43.248.100.0 - 43.248.103.255
netname: DYIDC
descr: Jiangsu Dongyun Cloud computing co., LTD
descr: room 2208 building8 22nd floor Huangshan south road no. 36
descr: Runzhou District Zhenjiang City Jiangsu Province
country: CN
admin-c: YW6713-AP
tech-c: JS3935-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-DYIDC-CN
last-modified: 2022-02-17T06:54:52Z
source: APNIC

irt: IRT-DYIDC-CN
address: room 2208 building8 22nd floor Huangshan south road no. 36
address: Runzhou District Zhenjiang City Jiangsu Province
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: YW6713-AP
tech-c: JS3935-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-08-26T09:00:28Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-09-19T17:20:32Z
source: APNIC

person: Yang wei
address: room 2208 building8 22nd floor Huangshan south road no. 36
address: Runzhou District Zhenjiang City Jiangsu Province
country: CN
phone: +86-18605110008
e-mail: [email protected]
nic-hdl: JS3935-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-02-07T09:54:01Z
source: APNIC

person: Yang jing
address: room 2208 building8 22nd floor Huangshan south road no. 36
address: Runzhou District Zhenjiang City Jiangsu Province
country: CN
phone: +86-18505112228
e-mail: [email protected]
nic-hdl: YW6713-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-02-07T09:54:01Z
source: APNIC
references
https://github.com/telekom-security/tpotce, https://threats.kz, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 12 threat reports