IOC Radar
IP · Medium · Signal 81/100

116.55.229.234

Location: China (Kunming, Yunnan)
ASN: AS134765 (Chinanet YN)
First Seen: Aug 26, 2020
Last Seen: May 31, 2026
Found in 22 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 70 techniques

Network Information

Country: CN (China)
Region: Kunming, Yunnan
ASN: AS134765
Organization: Chinanet YN

Feed Intelligence Summary

22 source reports · 81% confidence score
Category tags

Activity Timeline

1 total observation (May 31)

Threat Activity Heatmap

[Calendar heatmap, 12 months Jun to Jun, rows Mon/Wed/Fri · Peak: 2026-05-31]

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI generated)

The identified Indicator of Compromise (IOC), an IPv4 address `116.55.229.234`, represents a significant and active threat to organizational cybersecurity. With a high threat score of 80.79, this IOC is widely reported across numerous reputable threat intelligence feeds, strongly linking it to various malicious activities. These activities include extensive reconnaissance, brute-force attempts against services like MSSQL, and exploitation of known vulnerabilities. The presence of this IP address…

Threat Score: 81 (High Risk)
Signal Score: 81
Confidence: 81%
Reports: 22
First seen: Aug 26, 2020
Last seen: May 31, 2026
Geolocation: CN
Country: China
Location: Kunming, Yunnan
ASN: AS134765
Org: Chinanet YN
Coords: 25.0453, 102.7100

VirusTotal

Not checked

WHOIS

Description: seen in Dionaea honeypot logs; events=1; services=mssqld; ports=1433; cc=CN; asn=134765; asn_org=CHINANET Yunnan province IDC1 network; user(top)=**

Raw:

inetnum: 116.52.0.0 - 116.55.255.255
netname: CHINANET-YN
descr: CHINANET YUNNAN PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: ZL48-AP
tech-c: ZL48-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-YN
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:01Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: zhiyong liu
nic-hdl: ZL48-AP
e-mail: [email protected]
address: 136 beijin roadkunmingchina
phone: +86-871-68226585
fax-no: +86-871-8221536
country: CN
mnt-by: MAINT-CHINANET-YN
last-modified: 2018-12-27T01:58:34Z
source: APNIC

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 11 days ago
Appeared in 22 threat reports