IPMediumSignal 43/100
111.230.108.14
Location
ChinaGuangzhou, Guangdong
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Feb 27, 2025
Last Seen
Apr 7, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionGuangzhou, Guangdong
ASNAS45090
OrganizationTencent cloud computing (Beijing) Co., Ltd.
Feed Intelligence Summary
7 reports43% confidence
7
Source reports
43%
Confidence score
Category tags
active scanactive scanningapacapac regionappdataaptasiaasia-pacificautomotive manufacturingbad reputationbotnetbotnet activitybrute forcebrute_forcebuilding constructioncdn exploitationcertchinacivil servicescloud service abusecode executioncode injectioncommand and controlcommand executioncommunication technologiesconstruction materialsconstruction safetyconstruction technologycredential accesscredential harvestingcredential stuffingcredential_accesscrypto cybercryptocurrencycyber threatdata exfiltrationdata store exposuredata theftdefencedirectorydistributed attacksdll sideloadingelectronic health recordselectronics manufacturingenergyenergy distributionexfiltrationexploitation activityfatalratftpgh0stgh0st ratgovernment technologygroup policygroup policy injectionhasheshealth care and social assistancehealth information technologyhealthcare information systemshospital managementicsidentity & access exploitationindicatorindustrial automationindustrial control systemsindustrial iotindustrial organizationsindustrial productioninformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityiot securityit infrastructurekaspersky icslateral movementmalicious softwaremalwaremanufacturing technologymedical servicesmobilemobile carriersmobile networksmobile securitymonitoringmoudoormydoornetworknetwork probingnetwork reconnaissancenetwork securitynetwork_reconnaissancenextnspackoil & gasoperation salmonslalompatient carepersistent accessphishingphishing attackpower generationpower systemsprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlratsreconnaissanceregulatory agenciesremote accessremote access trojanremote servicesrenewable energyresearchedsandboxscadasimaysimayratsocial engineeringsoftware developmentssh attacksupply chain attacksupply chain managementt1003t1012t1016t1021t1021.001t1027t1033t1036t1040t1046t1047t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1064t1068t1070.001t1071t1071.001t1076t1078t1082t1083t1102t1105t1110t1110.002t1112t1132t1135t1136t1140t1190t1195t1202t1204t1218t1486t1496t1499.002t1499.003t1518t1530t1543.003t1547t1548t1553t1555t1563t1564t1565t1566t1566.001t1566.002t1566.003t1573t1574.002t1587.001t1588t1590.001t1595t1595.001t1595.002t1595.003t1598telecom servicestelecommunicationstelnet threatthreat actortimetor nodettpsturkeyturnurlsvulnerability scanyoudao cloudyoudao cloud noteszegost
Activity Timeline
Apr 7Apr 7
Threat Activity Heatmap
· Peak: 2026-04-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
43
SIGNAL
Signal Score
43%
Confidence
7
Reports
First seenFeb 27, 2025
Last seenApr 7, 2026
GeolocationCN
CountryChina
LocationGuangzhou, Guangdong
ASNAS45090
OrgTencent cloud computing (Beijing) Co., Ltd.
Coords34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- CC=CN ASN=AS45090 shenzhen tencent computer systems company limited
- raw
- inetnum: 111.230.0.0 - 111.231.255.255 netname: TencentCloud descr: Tencent cloud computing (Beijing) Co., Ltd. descr: Floor 6, Yinke Building,38 Haidian St, descr: Haidian District Beijing country: CN admin-c: JT1125-AP tech-c: JX1747-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-TENCENTCLOUD-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:52Z source: APNIC irt: IRT-TencentCloud-CN address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern address: District of Hi-tech Park, Shenzhen e-mail: [email protected] abuse-mailbox: [email protected] admin-c: JT1125-AP tech-c: JX1747-AP auth: # Filtered remarks: [email protected] is invalid mnt-by: MAINT-CNNIC-AP last-modified: 2025-09-24T13:09:40Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN remarks: [email protected] is invalid abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-09-19T17:20:32Z source: APNIC person: James Tian address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-84952 e-mail: [email protected] nic-hdl: JT1125-AP mnt-by: MAINT-CNNIC-AP last-modified: 2024-03-19T08:21:31Z source: APNIC person: Jimmy Xiao address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-80224 e-mail: [email protected] nic-hdl: JX1747-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-17T00:38:09Z source: APNIC route: 111.230.0.0/15 descr: TencentCloud country: CN origin: AS45090 notify: [email protected] mnt-by: MAINT-CNNIC-AP last-modified: 2016-10-19T03:16:02Z source: APNIC
- references
- https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets, https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 2 months ago
Appeared in 7 threat reports