221.231.81.242 Threat Intelligence and Host Information

Jun 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 221.231.81.242 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1037.003 - Network Logon Script, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1119 - Automated Collection, T1129 - Shared Modules, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1463 - Manipulate Device Communication, T1568 - Dynamic Resolution, T1583.005 - Botnet

  • Tags: aaaa, accept, accept encoding, active related, advanced email, advertising botnet, adware, a li, alienvault, all octoseek, amazon ses, apple, april, artro, as14061, as15169 google, as16276, as20940, as4808 china, as4812 china, as4837 china, as56047 china, as58461, as58542 tianjij, as9009 m247, as9808 china, ascii text, authority, autoit, b body, body, body length, botnet, bundled, china unknown, ciphersuite, cnc, communicating, compiler, connection, contacted, contacted urls, control panel, cookie, copy, creation date, date, date fri, default, delete, delete c, delphi, dns replication, domain, dropper, dynamicloader, entries, exe32, execution, exif standard, explorer, february, files, file type, final url, find, font format, gecko, gmt path, hichina, high, historical ssl, http, http response, indicator role, intel, ip address, ipv4, item, javascript, javascript code, jpeg image, json, kb file, khtml, lenovo type, local, malware, markus, mbs, medium, meta, mining, moved, ms windows, name servers, network, next, ns nxdomain, nxdomain, open threat, packer, parent domain, passive dns, pe32, pe32 compiler, pecompact, pepo campaigns, pe resource, pulse pulses, pulses, pulse submit, record value, referrer, resolutions, scan endpoints, search, servers, service, set cookie, sha256, show, siblings, siblings domain, smartchat, span, spyware, ssl certificate, status, status code, suspicious, switch, tabx explorer, target, text, tiff image, title added, twitter, typosquatting, united, unknown, url analysis, url http, urls, vary, web open, whitelisted, whois domain, whois record, whois whois, win16 ne, win32, win32 exe, win32upatre feb, win64, windows, windows activex, windows nt, write, write c, yara rule, zusy

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 28 c935d0eba7f3be5a60eb37f11094e56b522b536139148d5146891a857e0243fc b9d4638e3e1e8f92c4d8bec35674511d3a0d6a0e4f53ca3ab61fb384707031e8 ea8d41968cd4065178c53f0950cbe80d1733dd381dcaf41a961a6fe21b0b2510 d38945c946e1664c07010c88fb4d6ade79dd0caac1e1284979e8bcaa8a1d90ea e03f72acc43ff9f1b395cc8e2c4396d42146a94947c1c0e71a9de78049d5efff 545534f817c9fa3c63bdbcf87d4811b0cc00c611439180ca70cd5c08d0da8b1e 3552ca027e67e7e0a872a7c4999d4a79f6d43db6e5311da62c3ef31de4400eca ebe862a3ad98c7bb334b27aa569d4d2f2a83156b6bc61e1a2cae16f0f10e0fb1 7ae2d42d41d087555a9bbe2718d8fb56e6439aa376ee16a3e18034bdbb017aac 229fc42da42923411c761ba3bc27a187207f18c33ade536a304c6d7758871c02

Map

Whois Information

  • inetnum: 221.224.0.0 - 221.231.255.255
  • netname: CHINANET-JS
  • descr: CHINANET jiangsu province network
  • descr: China Telecom
  • descr: A12,Xin-Jie-Kou-Wai Street
  • descr: Beijing 100088
  • country: CN
  • admin-c: CH93-AP
  • tech-c: CJ186-AP
  • abuse-c: AC1573-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: APNIC-HM
  • mnt-lower: MAINT-CHINANET-JS
  • mnt-routes: MAINT-CHINANET-JS
  • mnt-irt: IRT-CHINANET-CN
  • last-modified: 2021-06-15T08:06:37Z
  • irt: IRT-CHINANET-CN
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • e-mail: anti-spam@chinatelecom.cn
  • abuse-mailbox: anti-spam@chinatelecom.cn
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • mnt-by: MAINT-CHINANET
  • last-modified: 2025-04-24T03:21:26Z
  • role: ABUSE CHINANETCN
  • country: ZZ
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • phone: +000000000
  • e-mail: anti-spam@chinatelecom.cn
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • nic-hdl: AC1573-AP
  • abuse-mailbox: anti-spam@chinatelecom.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2025-04-24T03:21:54Z
  • role: CHINANET JIANGSU
  • address: 260 Zhongyang Road,Nanjing 210037
  • country: CN
  • phone: +86-25-87799222
  • e-mail: jsipmanager@163.com
  • admin-c: CH360-AP
  • tech-c: CS306-AP
  • tech-c: CN142-AP
  • nic-hdl: CJ186-AP
  • notify: jsipmanager@163.com
  • mnt-by: MAINT-CHINANET-JS
  • last-modified: 2022-08-05T15:34:47Z
  • person: Chinanet Hostmaster
  • nic-hdl: CH93-AP
  • e-mail: anti-spam@chinatelecom.cn
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • phone: +86-10-58501724
  • fax-no: +86-10-58501724
  • country: CN
  • mnt-by: MAINT-CHINANET
  • last-modified: 2022-02-28T06:53:44Z

Links to attack logs

****** ****** ******

Share on: