221.231.81.240 Threat Intelligence and Host Information

Jun 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 221.231.81.240 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 56/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1037.003 - Network Logon Script, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1119 - Automated Collection, T1129 - Shared Modules, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1463 - Manipulate Device Communication, T1547 - Boot or Logon Autostart Execution, T1568 - Dynamic Resolution, T1583.005 - Botnet

  • Tags: 1000, 1688, aaaa, accept, accept encoding, active related, activexobject, advanced email, advertising botnet, adware, a li, alienvault, alipay, all octoseek, amazon ses, android, aplusscore, apoorv saxena, apple, april, area, arial, array, artro, as14061, as15169 google, as16276, as20940, as4808 china, as4812 china, as4837 china, as56047 china, as58461, as58542 tianjij, as9009 m247, as9808 china, ascii text, authority, autoit, b body, body, body length, botnet, bundled, button, cfunction, china unknown, chrome, ciphersuite, cnc, communicating, compiler, connection, contacted, contacted urls, control panel, cookie, copy, copyright, createclass, creation date, date, date fri, default, delete, delete c, delphi, detect ie, dns replication, domain, dropper, dynamicloader, e6e7eb, entries, error, exe32, execution, exif standard, explorer, f2f3f7, f7f8fa, false, february, ff6a00, files, file type, final url, find, font format, function, gecko, gmt contenttype, gmt path, head, helvetica, helvetica neue, hichina, high, historical ssl, html5, http, http response, indicator role, intel, ip address, ipv4, item, javascript, javascript code, jpeg image, json, jupdate, kb file, khtml, kraken, lazada, lenovo type, license, local, malware, markus, math, mbs, medium, meta, mining, moved, mozilla, ms windows, mtopwvplugin, name servers, network, next, ns nxdomain, null, nullj, nundefined, nxdomain, object, opacity0, opacity100, open threat, options, packer, parent domain, passive dns, patch, pe32, pe32 compiler, pecompact, pepo campaigns, pe resource, post, promise, pulse pulses, pulses, pulse submit, record value, referrer, regexp, resolutions, s1e4, scan endpoints, search, servers, service, set cookie, sha256, show, siblings, siblings domain, smartchat, span, spyware, ssl certificate, status, status code, substring, suspicious, switch, symbol, tabx explorer, tahoma, target, text, this, tiff image, title added, trace, twitter, typeerror, typeof, typeof define, typeof document, typeof e, typeof lib, typeof n, typeof require, typeof self, typeof symbol, typeof t, typosquatting, united, unknown, url analysis, url http, urls, vary, void, web open, webpackrequire, webview, whitelisted, whois domain, whois record, whois whois, win16 ne, win32, win32 exe, win32upatre feb, win64, windows, windows activex, windows nt, write, write c, xdomainrequest, xfunction, xmlhttprequest, xuexi, yara rule, yunos, zfunction, zusy, 阿里巴巴,1688,微商,微店,货源,女装批发,男装,b2b,批发,采购, 阿里巴巴,采购批发,1688,行业门户,网上贸易,b2b,电子商务,内贸,外贸,批发,行业资讯,网上贸易,网上交易,交易市场,在

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 12 ea8d41968cd4065178c53f0950cbe80d1733dd381dcaf41a961a6fe21b0b2510 06548389fee79e5f399db95a33fb0f011f8c086e110b74cb908f2a6f91197584 12e3749c0ba68d7f54eee73af9bb86ecc4c277e3abe010b7da524902c9d16636 5f1d1a60b761dddbeab587cfb2ff0a32bd223fb62f9c433a374d3c02a5512bca 4fc173b8fa3df97641660b4893c332892db3f5b86ab33468074a4c4f740cc6e5 a97ef3f2b08583422c8d4b5ae249906c3d3ed8da78d03bbc02673779a1e2cfce e31cad4a6f8e2fa9724e81d5e22c020486964bbdf2dccce0db48fe7bbe3a4462 8c48cefd325524b87c5078b9a7b44cf047315c54bf33f919075770fa0cefca0e 94e466f90cbd0726758f44c656626630a2123fbc9d429a989d74fa567fd4e0fe 74fd4a6679efd733f68578c38f90f19cfd5de138d593ab0070a6c9ae7508eaff

Map

Whois Information

  • inetnum: 221.224.0.0 - 221.231.255.255
  • netname: CHINANET-JS
  • descr: CHINANET jiangsu province network
  • descr: China Telecom
  • descr: A12,Xin-Jie-Kou-Wai Street
  • descr: Beijing 100088
  • country: CN
  • admin-c: CH93-AP
  • tech-c: CJ186-AP
  • abuse-c: AC1573-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: APNIC-HM
  • mnt-lower: MAINT-CHINANET-JS
  • mnt-routes: MAINT-CHINANET-JS
  • mnt-irt: IRT-CHINANET-CN
  • last-modified: 2021-06-15T08:06:37Z
  • irt: IRT-CHINANET-CN
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • e-mail: anti-spam@chinatelecom.cn
  • abuse-mailbox: anti-spam@chinatelecom.cn
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • mnt-by: MAINT-CHINANET
  • last-modified: 2025-04-24T03:21:26Z
  • role: ABUSE CHINANETCN
  • country: ZZ
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • phone: +000000000
  • e-mail: anti-spam@chinatelecom.cn
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • nic-hdl: AC1573-AP
  • abuse-mailbox: anti-spam@chinatelecom.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2025-04-24T03:21:54Z
  • role: CHINANET JIANGSU
  • address: 260 Zhongyang Road,Nanjing 210037
  • country: CN
  • phone: +86-25-87799222
  • e-mail: jsipmanager@163.com
  • admin-c: CH360-AP
  • tech-c: CS306-AP
  • tech-c: CN142-AP
  • nic-hdl: CJ186-AP
  • notify: jsipmanager@163.com
  • mnt-by: MAINT-CHINANET-JS
  • last-modified: 2022-08-05T15:34:47Z
  • person: Chinanet Hostmaster
  • nic-hdl: CH93-AP
  • e-mail: anti-spam@chinatelecom.cn
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • phone: +86-10-58501724
  • fax-no: +86-10-58501724
  • country: CN
  • mnt-by: MAINT-CHINANET
  • last-modified: 2022-02-28T06:53:44Z

Links to attack logs

****** ****** ******

Share on: