IOC Radar
IPMediumSignal 58/100

111.229.19.220

Location
ChinaChina
Shanghai, Shanghai
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Mar 13, 2025
Last Seen
May 20, 2026
Mar 13
First Seen
458d ago
May 20
Last Seen
25d ago
12
Reports
source reports
58%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

20 techniques

Network Information

CountryCNChina
RegionShanghai, Shanghai
ASNAS45090
OrganizationTencent cloud computing (Beijing) Co., Ltd.

Feed Intelligence Summary

12 reports58% confidence
12
Source reports
58%
Confidence score
Category tags
active scanaptasiaasyncratattackbotnetbotnet activitybrute forcebrute_ratel_c4c2chinacncobalt-strikecobaltstrikecommand & controlcommand and controlcredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredcratdeimosdistributed attacksencryptionexploitation activityextortionhavochookbotidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinjection activitymalicious activitymalicious softwaremalwaremanualmythicnetsupportratnetworkpegasusphishingphishing attackprocess injectionransomwareremcosremcos trojanremote accessremote servicesresearchedreverse_sshsliversocial engineeringsupershellsystem disruptiont1021t1021.001t1055t1059t1059.003t1071t1071.001t1105t1486t1490t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1573t1587.001t1590.001threat actortor nodeunknown group

Activity Timeline

1 total obs
May 20May 20

Threat Activity Heatmap

· Peak: 2026-05-20
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
58
SIGNAL
Signal Score
58%
Confidence
12
Reports
First seenMar 13, 2025
Last seenMay 20, 2026
GeolocationCN
CountryChina
LocationShanghai, Shanghai
ASNAS45090
OrgTencent cloud computing (Beijing) Co., Ltd.
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description
ip:port combination that is used for botnet Command&control (C&C)
raw
inetnum: 111.229.0.0 - 111.229.255.255 netname: TencentCloud descr: Tencent cloud computing (Beijing) Co., Ltd. descr: Floor 6, Yinke Building,38 Haidian St, descr: Haidian District Beijing country: CN admin-c: JT1125-AP tech-c: JX1747-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-TENCENTCLOUD-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:52Z source: APNIC irt: IRT-TencentCloud-CN address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern address: District of Hi-tech Park, Shenzhen e-mail: [email protected] abuse-mailbox: [email protected] admin-c: JT1125-AP tech-c: JX1747-AP auth: # Filtered remarks: [email protected] was validated on 2025-03-07 mnt-by: MAINT-CNNIC-AP last-modified: 2025-03-07T07:43:08Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: James Tian address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-84952 e-mail: [email protected] nic-hdl: JT1125-AP mnt-by: MAINT-CNNIC-AP last-modified: 2024-03-19T08:21:31Z source: APNIC person: Jimmy Xiao address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-80224 e-mail: [email protected] nic-hdl: JX1747-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-17T00:38:09Z source: APNIC route: 111.229.0.0/16 descr: Shenzhen Tencent Computer Systems Company Limited country: CN origin: AS45090 notify: [email protected] mnt-by: MAINT-CNNIC-AP last-modified: 2019-04-18T03:50:02Z source: APNIC
references
https://threatfox.abuse.ch/export/csv/recent/, https://x.com/drb_ra/status/1896386454034768257, https://x.com/drb_ra/status/1896386473726976391, https://x.com/drb_ra/status/1896452245065273749, https://x.com/drb_ra/status/1896452262010212521, https://x.com/drb_ra/status/1896452280393830905, https://x.com/drb_ra/status/1896452299339522541, https://x.com/drb_ra/status/1896452329974497482, https://x.com/drb_ra/status/1896452465492431246, https://x.com/drb_ra/status/1896452493845872999, https://x.com/drb_ra/status/1896452536925651328, https://x.com/drb_ra/status/1896452558966661226, https://x.com/drb_ra/status/1896452659445477593, https://x.com/drb_ra/status/1896452691175329809, https://x.com/drb_ra/status/1896452701849886952, https://x.com/drb_ra/status/1896452727028293931, https://x.com/drb_ra/status/1896452740294828380, https://x.com/drb_ra/status/1896452817868726385, https://x.com/drb_ra/status/1896452835891712374, https://x.com/drb_ra/status/1896518233521287181, https://x.com/drb_ra/status/1896518282837950595, https://x.com/drb_ra/status/1896518298323374080, https://x.com/drb_ra/status/1896518319701692627, https://x.com/drb_ra/status/1896518368972231064, https://x.com/drb_ra/status/1896593912233341366, https://x.com/drb_ra/status/1896607307368120473, https://x.com/drb_ra/status/1896607556631740525, https://x.com/drb_ra/status/1896633346358485382, https://x.com/drb_ra/status/1896633363903217903, https://x.com/drb_ra/status/1896633381733257591, https://x.com/drb_ra/status/1896633401593245841, https://x.com/drb_ra/status/1896633419616129271, https://x.com/drb_ra/status/1896633438511542577, https://x.com/drb_ra/status/1896633455590682643, https://x.com/drb_ra/status/1896633472875442356, https://x.com/drb_ra/status/1896633491858796900, https://x.com/drb_ra/status/1896634008790012151, https://x.com/drb_ra/status/1896634028373209518, https://x.com/drb_ra/status/1896634044986913019, https://x.com/drb_ra/status/1896634063957688576, https://x.com/drb_ra/status/1896634080986537994, https://x.com/drb_ra/status/1896634098749448454, https://x.com/drb_ra/status/1896634116654981245, https://x.com/drb_ra/status/1896634136645009650, https://x.com/drb_ra/status/1896634156630851638, https://x.com/drb_ra/status/1896634176272756924, https://x.com/drb_ra/status/1896634196682318169, https://x.com/drb_ra/status/1896634216533872831, https://x.com/drb_ra/status/1896634237123809724, https://x.com/drb_ra/status/1896634257482899600, https://x.com/drb_ra/status/1896653046157119746, https://x.com/drb_ra/status/1896655589918543931, https://x.com/drb_ra/status/1896655610361630913, https://x.com/drb_ra/status/1896655628464279731, https://x.com/drb_ra/status/1896671336493363615, https://x.com/drb_ra/status/1896671355460055097, https://x.com/drb_ra/status/1896671872970035340, https://x.com/drb_ra/status/1896671891768877423

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 25 days ago
Appeared in 12 threat reports