221.231.81.248 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 221.231.81.248 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1037.003 - Network Logon Script, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1119 - Automated Collection, T1129 - Shared Modules, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1463 - Manipulate Device Communication, T1568 - Dynamic Resolution, T1583.005 - Botnet

• Tags: aaaa, accept, accept encoding, active related, advanced email, advertising botnet, adware, a li, alienvault, all octoseek, amazon ses, apple, april, artro, as14061, as15169 google, as16276, as20940, as4808 china, as4812 china, as4837 china, as56047 china, as58461, as58542 tianjij, as9009 m247, as9808 china, ascii text, authority, autoit, b body, body, body length, botnet, bundled, china unknown, ciphersuite, cnc, communicating, compiler, connection, contacted, contacted urls, control panel, cookie, copy, creation date, date, date fri, default, delete, delete c, delphi, dns replication, domain, dropper, dynamicloader, entries, exe32, execution, exif standard, explorer, february, files, file type, final url, find, font format, gecko, gmt path, hichina, high, historical ssl, http, http response, indicator role, intel, ip address, ipv4, item, javascript, javascript code, jpeg image, json, kb file, khtml, lenovo type, local, malware, markus, mbs, medium, meta, mining, moved, ms windows, name servers, network, next, ns nxdomain, nxdomain, open threat, packer, parent domain, passive dns, pe32, pe32 compiler, pecompact, pepo campaigns, pe resource, pulse pulses, pulses, pulse submit, record value, referrer, resolutions, scan endpoints, search, servers, service, set cookie, sha256, show, siblings, siblings domain, smartchat, span, spyware, ssl certificate, status, status code, suspicious, switch, tabx explorer, target, text, tiff image, title added, twitter, typosquatting, united, unknown, url analysis, url http, urls, vary, web open, whitelisted, whois domain, whois record, whois whois, win16 ne, win32, win32 exe, win32upatre feb, win64, windows, windows activex, windows nt, write, write c, yara rule, zusy

• View other sources: Spamhaus VirusTotal

• Country: China
• Network:
• Noticed: 2 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America
• Passive DNS Results: www.chinaclo2.cn dl01-yldr-backup.lelehuyou.com www.cncdd.cn www.bjhytech.cn www.weituoprecision.cn zzpaas.com xianhoutouzi.com jinditea.com slgjgyl.com web.171yq.com billconsulting.top www.csvalve.cn www.strongmach.cn server.guojihaitao.com art16.cn up.cp33.ott.cibntv.net www.skysport-pro.com www.guojihaitao.com www.mztesting.com thk-tdz.com szfbxs.com jasonsholdings.com www.shanghaiqilu.com www.020glzl.com www.meetyouuk.com synovel.com.cn docs-res.laiye.com www.juliagabriel.com.cn www.china-springs.com www.phlawyer.com.cn www.bleetek.com www.dexinsoft.cn www.synovel.com.cn www.shufa.fun bres.gaopai66.com zs365.net mmbagy.com jasonscap.com qimotrading.com www.lixiaozhu.com dx8a.198449.com.w.kunluncan.com authoe.com cdn-m.my1000.cn chaogeshuxue.cc www.fusyuan.cn bx18.qy82pgi.cn guide4.wcfciiv.fit news.yibaijiankang.com www.runmaxing.com.cn authorisation2.qutshengh.com www.yanwulife.com bj10.qyzba.top guide2.wcfciiv.fit www.lawsdom.com www.kaokeart.com tongdaoren.cn www.myjoybot.cn hongyouhr.com.cn www.zworkroom.com dx9a.198449.com dx9a.198449.com.w.kunluncan.com yanyist.com 6w3.cn www.jianyangtextile.com braziliansnack.com www.furun-bio.com 05.xz2.pogou.net.w.kunluncan.com www.qidianfu.com www.cqbestand.com cqbestand.com irunbu.com lingpai1738.com ericyangmedtech.com fuminjiaotang.com rs.firewick.net player-update.whrszx.com zishun.com.cn posilan.com.cn i-yj.cn ldmaxcell.com csleis.com szfornet.com fishxy-ali.carolperrylaw.com www.tzindustrial.com www.flyswimming.com www.prdckw.com pumeng.net nfudi.com groupchem.com dl.res.wjapi.com bizhong.cn lezhining.com honghuyanxue.com www.keyispace.com aszaanquan.com hb95baoan.com hrw99.com haibojin.com zcyk365.com www.hangyu-riee.com 51035517.com www.51035517.com hunanzxjs.com raautomation.com www.sunteamwork.com bjzdlk.com www.shbaiyun.top shbaiyun.top plugin.pc.xunlei.com www.xingchenpharma.com www.knowhowlawfirm.com www.rjyl.net www.raautomation.com www.piezoxyz.com www.friend-tech.cn begardtech.com rlinear.com friend-tech.cn www.grit-bio.com grit-bio.com www.secolchemical.com gxzy-chips.com yexin.pro 51chinapr.com down.jxjatv.com.w.kunluncan.com www.lssthh.com sqisoft.cn xhtax.taxbot.leyantech.com www.yexin.pro www.jczn1688.com www.stars520.com fantasyacg.com chubaofood.com jhesoft.com.cn fanxtech.com.cn www.fanxtech.com.cn xhkj.govbot.leyantech.com bx18.qyigvrd.cn bx17.qyigvrd.cn www.imegolife.com.cn www.imegolife.net image5.znztv.com maiouli.com www.ritai.com ynxinxi.com www.casachy.com xaiobaizf.top xunlpay.com www.xunlpay.com image8.znztv.com www.sdoka.com www.igo17.com www.bjgtl.com.cn www.xiaopinchina.com www.shiygroup.com shiygroup.com www.zhongqiaohuiyi.com www.cngmtc.cn bx8.qydomain.com xhtax.taxconsultant.leyantech.com www.hiie.org.cn hiie.org.cn media.info.client.xunlei.com.w.kunlungr.com trucknow.com.cn www.shanion.com www.sfnfz.com hbzkzx.com www.mycareer.net www.vanfude.com pci.pmphai.com qinteng.cc qingying.wang ciic-z.com.cn www.yqqc.com res.toryburch.cn xhtax.taxreview.leyantech.com hoentzsch.site www.szjmc.net zhongyunxuetang.com www.wxsgzl.com wxsgzl.com kyree.com.cn www.ydbridge.top www.ysmed.com.cn www.cliexpo.org.cn wts-cdn.mmtdev.com www.fang-zone.com jdx86.com www.mimeyoi.com hongxinhui.cn www.fastong.net www.reqsafe.cn www.kymmedical.com duooling.com huixieyun.com www.icetop.com.cn www.jxwtyt.com haoruidajixie.com www.haoruidajixie.com www.i-shyy.com ms.nxnsbw.cn www.6djf.com 6djf.com jzsycloud.com sz-sanwen.com www.hljzrzydcy.org.cn www.mthansheng.com www.aiyijie.com.cn dev.xweb.leyantech.com www.pusitech.cn www.goodtake.cn goodtake.cn www.leibosq.com leibosq.com xinlingzg.com huafeizj.com www.zhongyijianye.com xingyunstar.com bsffloor.com ningbohuifeng.com mthansheng.com guide6.wcfciiv.cn www.sh-ume.com www.plapa66.com ushio-py.com.cn fire-test.com syxytc.com www.shengjielan.cn 3ct.cc leeyeee.com www.becker-mining.com.cn static.sulaipingxuan.com yuanqihulian.com www.yuanqihulian.com www.yceto.cn bx14.qyuoqiq.cn yun.tuitiger.com.w.kunluncan.com lilianyuanhang.com jiefengrong.com rjsoft.xnayw.cn yizhongfood.com www.sanyikeji.com.cn www.starchannel.cn starchannel.cn www.chenyasw.com chenyasw.com guide4.wcfciiv.cn www.bestvdc.com www.jyt.art www.laser-shield.com www.sanpont.com.cn hikcode.com all.yhzu.cn.w.kunluncan.com xingkuoinvest.com attendance.baiying.com.cn shuntianyi.com.cn www.whysolar.cn www.shusengz.com v.xinxinchuanmei.com fosurtech.com znhbjx.cn gdeastyu.com www.beijingmeiti.com www.beijingmeiti.com.w.kunluncan.com minicheer.com zuat-static.aia.com.cn z-static.aia.com.cn euat-static.aia.com.cn etest-static.aia.com.cn www.ailabells.cn mt-static.aia.com.cn mtest-static.aia.com.cn m-static.aia.com.cn muat-static.aia.com.cn www.gztongchuang.cn www.linwon.net cartilageeng.com www.tydckj.com exosomehome.com www.careerfutura.com.cn pepcoin-oss.pepcoinbypepsico.com.cn www.fjjpyf.com mhplawyersz.com www.cyzhg.com www.xpcgs.com www.sophbot.com www.nisha-energy.com gamepingce.com bossonresearch.com www.wyj-tech.com.cn wyj-tech.com.cn www.guliguli.tech www.huoliangdesign.cn waltonedu.cn cpic.kfc.com.cn.w.kunluncan.com ynzjxh.cn anjingai.com www.airtou.cn www.xinmiaolink.com konhaiseafoods.com www.konhaiseafoods.com www.fs-rv.com www.bjxdrt.cn www.ahgbxy.gov.cn good-mart.cn aacj.dianlut.com.w.kunluncan.com www.coach-graduate.com download.5211game.com.w.kunlungr.com datajt.com www.shycst.com.w.kunluncan.com service.mercurycom.com.cn service.mercurycom.com.cn.w.kunlungr.com www.hongyeguoji.com.cn www.telchina.net hlshare.com atour-dev.qiniu.yaduo.com www.siok-semi.com pics-house.beihai365.cc njjwt.cn www.ibestcc.com qnos.qqkids.tech upload.buzhoushan.top alphacommune.com www.sinopharm-cmdc.com.cn static.bloomapp.com.cn www.promind-tech.com promind-tech.com img.iswant.com data.bbkcdp.com img.52smile.vip img5.zhanqi.tv ckgleddisplay.com gdyjsh.com martlong.com file.losey.top cdn.ljybill.com images.iteay.top appletimg.sdzydljz.com qiniu.soulmate.run static.ximalaya.dongtu.com static.dtyzminiapp.dongtu.com resource.bcgame-face2face.haorenao.cn 55561887.com xundaoapp.com pygfile.peiyinge.com zlwei.com showmephoto.com v2.103yx.com szliuqi.cn user.cdn.iopus.cn qiniu.exspeed.cn refra.cc www.scitec.vip mibebio.com www.mibebio.com mibebio.com.w.kunluncan.com ysctechnology.com www.ojindiy.com ojindiy.com pioneerpractice.net www.qiqingedu.com.cn scitec.vip www.jiuxxy.com scrm.hanchengedu.com.cn 9az10.197784.com.w.kunluncan.com www.ihuaface.com www.binary-semi.com www.xuyuanbattery.com www.lvankeji.cn lvankeji.cn www.chinanuoyi.cn www.365edian.com www.veacen.cn veacen.cn hbyuekangzhideyy.com bihosen.com.cn www.bihosen.com.cn www.hbyuekangzhideyy.com.w.kunluncan.com test.cdn.heytea.com www.zlong.cq.cn www.hexindianzi.com jsnykm.com gyfz.cn anto-cn.com wzdigital.cn bjwglf.com www.bjwglf.com www.dechengdl.com o.bhzck.xyz zenker-baking.cn.w.kunluncan.com youxinic.com www.nimovision.com.w.kunluncan.com yuantaico.com www.yuantaico.com www.sunde-cn.com brilliant-solution.com www.brilliant-solution.com xlccable.cn xiangtaiwu.com www.wzdigital.cn leviton-china.com aokia.com.cn www.aokia.com.cn www.ukonphoto.com www.youxinic.com defendertech.cn ukon.com.cn www.ukon.com.cn xw-edu.com qygz.top huabang360.com www.luhongkj.com gdys.ltd lcgh.org.cn ta.szxiaoxinxin.com kaibobao.com video.yiban.baiten.cn www.bigooi.com www.sh-jztech.com www.nfdcchina.com www.cfic.cc www.jensur.cn jlkpas.com apps.risingauto.com.w.kunluncan.com www.xiubiaola.com image01.oneplus.cn.w.kunluncan.com img.fhyx.com.w.kunluncan.com soservicedesign.com p.bhzck.xyz www.csuvyl.com www.vilang.com vilang.com www.lightsact.com www.cyberbeast.cn sh-jztech.com www.mandielec.com www.zhuoxilab.com www.gw938.vip www.conebody.com guangjianyan.com www.powertronics.cn bangying360.com swbhb.com www.bangying360.com gd-jingong.com qg.zzmmqgzx.com www.jcwxdf.com www.hzwenyan.cn www.zybc.com oss.wlhy.kuaihuoyun.com www.huyitang.com www.wugee.net.cn www.bioprobeschina.com download.xp666.com www.wknowbio.com xrzgjhy.com www.xrzgjhy.com www.leboaieducation.cn www.leboaieducation.com www.iiqoo.com www.cogitate.cn www.elacube.com image2.znztool.com pf-cfcp.cn www.pf-cfcp.cn www.wefxl.com wefxl.com wdit.com.cn www.litorque.com rjjintel.com txdgw.com.cn www.worth-future.com www.eurotect.cn eurotect.cn www.metisinfor.com cangqiong2.17dawan.com www.incarehab.net www.jingjinzhihui.com jingjinzhihui.com www.betterteams.cn img.chuanyuapp.com uds2.103yx.com mcupojie.com views-cdn.easyliao.com.w.kunluncan.com www.ghzs666.com.w.alikunlun.com static.oneniceapp.com.w.kunluncan.com at1.jyimg.com.w.kunluncan.com xmty1988.com.w.kunluncan.com luna-dict-community.nosdn.127.net.w.kunluncan.com h.xinhuaxmt.com.w.kunluncan.com z.itpub.net.w.kunluncan.com at2.jyimg.com.w.kunluncan.com static-web.ghzs.com.w.cdngslb.com t3.jyimg.com.w.kunluncan.com at4.jyimg.com.w.kunluncan.com assets.leetcode.cn.w.kunluncan.com download.cntv.cn.w.kunluncan.com www.cdi.cn www.jy0859.com www.royalstar-elevator.com

Malware Detected on Host

Count: 11 ea8d41968cd4065178c53f0950cbe80d1733dd381dcaf41a961a6fe21b0b2510 05350d1780b11da105b91e2d6c46f95ee6462ca008f89733b6a3bf14c8c08918 abff102a04ecd32432bb7f7cc676966cfc356a19420f67483401f83921787edc 0040e0b39bcd3ab53adee5bba02e336ee96839282c93bc41ca057b4dcf6069d0 d26f4052b01952274e4973307d61b5968cfa8c0c4f91c0f7039fd858e56d844e 58c54d6f7d70220287cae2cad452bd1a398a55a1bc0f812d49044336746a8cd6 14ea03cf8e3bbfa81c316d1248eaee5df7bf2409bf550640f288c0134b2f3b33 c06f820b7c881618372fcf508a460a10c8738d897b09b8845affd2829d6dd100 32e9750bc1d261f2c69a3ed0658fd0670dba0c9491c0aaff5de5d388280c45a5 e2e1e760fe0a4d38852d655f595a2078ddfa8d1d1bdccedd2293fb670d7b1187

Map

Whois Information

• inetnum: 221.224.0.0 - 221.231.255.255
• netname: CHINANET-JS
• descr: CHINANET jiangsu province network
• descr: China Telecom
• descr: A12,Xin-Jie-Kou-Wai Street
• descr: Beijing 100088
• country: CN
• admin-c: CH93-AP
• tech-c: CJ186-AP
• abuse-c: AC1573-AP
• status: ALLOCATED PORTABLE
• mnt-by: APNIC-HM
• mnt-lower: MAINT-CHINANET-JS
• mnt-routes: MAINT-CHINANET-JS
• mnt-irt: IRT-CHINANET-CN
• last-modified: 2021-06-15T08:06:37Z
• irt: IRT-CHINANET-CN
• address: No.31 ,jingrong street,beijing
• address: 100032
• e-mail: anti-spam@chinatelecom.cn
• abuse-mailbox: anti-spam@chinatelecom.cn
• admin-c: CH93-AP
• tech-c: CH93-AP
• mnt-by: MAINT-CHINANET
• last-modified: 2025-04-24T03:21:26Z
• role: ABUSE CHINANETCN
• country: ZZ
• address: No.31 ,jingrong street,beijing
• address: 100032
• phone: +000000000
• e-mail: anti-spam@chinatelecom.cn
• admin-c: CH93-AP
• tech-c: CH93-AP
• nic-hdl: AC1573-AP
• abuse-mailbox: anti-spam@chinatelecom.cn
• mnt-by: APNIC-ABUSE
• last-modified: 2025-04-24T03:21:54Z
• role: CHINANET JIANGSU
• address: 260 Zhongyang Road,Nanjing 210037
• country: CN
• phone: +86-25-87799222
• e-mail: jsipmanager@163.com
• admin-c: CH360-AP
• tech-c: CS306-AP
• tech-c: CN142-AP
• nic-hdl: CJ186-AP
• notify: jsipmanager@163.com
• mnt-by: MAINT-CHINANET-JS
• last-modified: 2022-08-05T15:34:47Z
• person: Chinanet Hostmaster
• nic-hdl: CH93-AP
• e-mail: anti-spam@chinatelecom.cn
• address: No.31 ,jingrong street,beijing
• address: 100032
• phone: +86-10-58501724
• fax-no: +86-10-58501724
• country: CN
• mnt-by: MAINT-CHINANET
• last-modified: 2022-02-28T06:53:44Z

Links to attack logs

****** ****** ******