IPMediumSignal 100/100
111.161.65.209
Location
ChinaTianjin, Tianjin
ASN
AS4837
China Unicom Tianjin Province Network
First Seen
Dec 6, 2024
Last Seen
Nov 28, 2025
Dec 6
First Seen
551d ago
Nov 28
Last Seen
194d ago
18
Reports
source reports
99%
Confidence
medium
1/91
VirusTotal
detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionTianjin, Tianjin
ASNAS4837
OrganizationChina Unicom Tianjin Province Network
Feed Intelligence Summary
18 reports99% confidence
18
Source reports
99%
Confidence score
Category tags
abuseaccess attemptaccess controlactive scanningapacheapache attacksapache vulnerability scanningasiaatif feedattackaustraliaaustralia network activityauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureauto-generated securitybad web botbanlist feedbinary defenseblog spambotnetbrute forcebrute force attackbrute force attacksbrute force attemptc2c2 serverchinacncommand and controlcommunication protocolcompromise attemptcompromised hostcompromised hostscowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata theftddosddos attackdecoy systemdenial of servicedistributed attackseuropeexploit attemptexploit reconnaissanceexploited hostfail2ban triggeredfinlandftpftp brute forcehackingindicatorindonesiainformation technologyinfrastructure acquisitionreconnaissanceintrusion detectioniocit infrastructurelogin attackmailmalicious activitymalicious softwaremalwaremalware distributionmanualmod securitymodsecurity alertsmodsecurity attacksnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork trafficnetwork traffic analysisoceaniapassword attackpassword attacksphishing attackping of deathprocess injectionprotocol exploitationreconnaissanceredpiranhareferenceremote accessremote servicesresearchedscanscannersecurity operationssecurity policyservice: ftpservice: sshsip scanningsipvicious scansocial engineeringsocradar honeypotsoftware developmentspamssh attackssh monitoringssh scanningt-pott1018t1021t1021.004t1040t1046t1053t1055t1059t1059.004t1071t1071.001t1078t1078.004t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1486t1496t1499.001t1499.002t1499.003t1550t1550.002t1555.003t1565t1566.001t1566.002t1566.003t1573t1587.001t1589t1589.002t1590t1590.001t1591t1595t1595.001t1595.002t1595.003tcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontpotudp scanunauthorized accessunauthorized access attemptunited kingdomunknown threat actorvoipweb application attackweb attacksweb brute forceweb exploitationweb spamwordpress brute force
Activity Timeline
Nov 28Nov 28
Threat Activity Heatmap
· Peak: 2025-11-28LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
18
Reports
First seenDec 6, 2024
Last seenNov 28, 2025
GeolocationCN
CountryChina
LocationTianjin, Tianjin
ASNAS4837
OrgChina Unicom Tianjin Province Network
Coords34.7732, 113.7220
WHOIS
- description
- Honeypot
- raw
- inetnum: 111.160.0.0 - 111.167.255.255 netname: UNICOM-TJ descr: China Unicom Tianjin province network descr: China Unicom country: CN admin-c: CH455-AP tech-c: HZ19-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-TJ mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2023-10-21T03:33:42Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC role: CNCGroup Hostmaster e-mail: [email protected] address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China nic-hdl: CH455-AP phone: +86-10-82993155 fax-no: +86-10-82993102 country: CN admin-c: CH444-AP tech-c: CH444-AP mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:15Z source: APNIC person: huang zheng nic-hdl: HZ19-AP e-mail: [email protected] address: 76 NO, ShiZiLin Street ,HeBei district of Tianjin,China phone: +86-22-24459190 fax-no: +86-22-24454499 country: CN mnt-by: MAINT-CNCGROUP-TJ last-modified: 2012-07-13T05:56:27Z source: APNIC route: 111.160.0.0/13 descr: China Unicom Tianjin Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2009-05-22T06:21:10Z source: APNIC
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 6 months ago
Appeared in 18 threat reports