IOC Radar
IP · Medium · Signal 68/100

111.225.149.109

Location: China, Shijiazhuang, GD
ASN: AS4134 (Chinanet HE)
First Seen: Aug 30, 2023 (1015d ago)
Last Seen: May 30, 2026 (11d ago)
Reports: 9 source reports
Confidence: 68% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

10 techniques

Network Information

Country: CN (China)
Region: Shijiazhuang, GD
ASN: AS4134
Organization: Chinanet HE

Feed Intelligence Summary

9 source reports · 68% confidence score
Category tags: active scan, active scanning, antispam, asia, auto-blocked, bad reputation, bad web bot, bening, bening scanner, botnet activity, brute force, brute force attack, brute force attacker, brute-force, bytespider-benign, china, cn, credential access, credential stuffing, ddos, ddos attack, denial of service, encryption, exploitation activity, exploited host, ftp brute-force, hacking, identity & access exploitation, indicator, injection activity, iot security, iot targeted, log4j, network, password attacks, phishing, ping of death, reconnaissance, researched, scanner, spam, sql injection, ssh, ssh attack, ssl-enrichment, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1499.001, t1595.001, t1595.002, t1595.003, targeting database, threat-intel, verified-benign, web, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs · May 30 to May 30

Threat Activity Heatmap

Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: 68 (Medium Risk)
Signal Score: 68
Confidence: 68%
Reports: 9
First seen: Aug 30, 2023
Last seen: May 30, 2026
Geolocation: CN
Country: China
Location: Shijiazhuang, GD
ASN: AS4134
Org: Chinanet HE
Coords: 22.5318, 114.1374

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected performing web attacks against Cloudflare honeypot edge

raw:

inetnum: 111.224.0.0 - 111.227.255.255
netname: CHINANET-HE
descr: CHINANET hebei province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: BR3-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-HE
mnt-routes: MAINT-CHINANET-HE
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:06:20Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-11-13
mnt-by: MAINT-CHINANET
last-modified: 2026-03-13T07:12:20Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-11-13
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-11-13T14:15:15Z
source: APNIC

person: Bin Ren
nic-hdl: BR3-AP
e-mail: [email protected]
address: NO.69 KunLun avenue, Shijiazhuang 050000 China
phone: +86-311-85211771
fax-no: +86-311-85202145
country: CN
mnt-by: MAINT-CHINANET-HE
last-modified: 2019-03-20T02:47:26Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

references: https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-16/, https://jamesbrine.com.au, https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://www.abuseipdb.com

IOC Journey

medium
First detected 2 years ago · Last seen 11 days ago
Appeared in 9 threat reports