IP · Medium · Signal 100/100
111.229.70.54
Location
Shanghai, Shanghai
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Feb 18, 2024
Last Seen
May 5, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
China
Region
Shanghai, Shanghai
ASN
AS45090
Organization
Tencent cloud computing (Beijing) Co., Ltd.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports
24
Confidence score
99%
Activity Timeline
May 5
Threat Activity Heatmap
Peak: 2026-05-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 24
First seen: Feb 18, 2024
Last seen: May 5, 2026
Geolocation: CN
Country: China
Location: Shanghai, Shanghai
ASN: AS45090
Org: Tencent cloud computing (Beijing) Co., Ltd.
Coords: 34.7732, 113.7220
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded.
- raw
  inetnum: 111.229.0.0 - 111.229.255.255
  netname: TencentCloud
  descr: Tencent cloud computing (Beijing) Co., Ltd.
  descr: Floor 6, Yinke Building,38 Haidian St,
  descr: Haidian District Beijing
  country: CN
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-TENCENTCLOUD-CN
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  last-modified: 2023-11-28T00:56:52Z
  source: APNIC

  irt: IRT-TencentCloud-CN
  address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  address: District of Hi-tech Park, Shenzhen
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-03-07
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-03-07T07:43:08Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  person: James Tian
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-84952
  e-mail: [email protected]
  nic-hdl: JT1125-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2024-03-19T08:21:31Z
  source: APNIC

  person: Jimmy Xiao
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-80224
  e-mail: [email protected]
  nic-hdl: JX1747-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-17T00:38:09Z
  source: APNIC

  route: 111.229.0.0/16
  descr: Shenzhen Tencent Computer Systems Company Limited
  country: CN
  origin: AS45090
  notify: [email protected]
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2019-04-18T03:50:02Z
  source: APNIC
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://list.rtbh.com.tr/output.txt, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 2 years ago · Last seen 1 month ago
Appeared in 24 threat reports