IOC Radar
IP · Medium · Signal 100/100

112.198.193.5

Location: Philippines, Lahug, Central Visayas
ASN: AS132199 (Globe Telecom)
First Seen: Apr 24, 2025 (422d ago)
Last Seen: Jun 10, 2026 (10d ago)
Reports: 14 source reports
Confidence: 99% (medium)
VirusTotal: 5/91 detections
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network-layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 54 techniques

Network Information

Country: PH (Philippines)
Region: Lahug, Central Visayas
ASN: AS132199
Organization: Globe Telecom

Feed Intelligence Summary

Source reports: 14
Confidence score: 99%
Category tags
abusech-urlhaus-c2caccess controlactive scanactive scanningamadeyanubisapkarmasciiasiaasyncratattackaustraliaauthentication attackauthentication_bypassbackdoorbad reputationbankerbase64-loaderbashbatbertblacklist ipbotnetbotnet activitybotnetdomainbrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcec2c2 activityc2 monitorc2huntercensyscensys scanning activitycobaltstrikecode injectioncoinminercommand and controlcommand executioncommunication protocolcompromised credentialscompromised hostcowrie honeypotcredential accesscredential stuffingcryptonecurldata encryptiondata exfiltrationdatabase securitydbatloaderddos attacksdecoy systemdeerstealerdenial of servicedionaea honeypotdistributed attacksdlldonutdonutloaderdropped by amadeydropped-by-amadeyelfencodedenumerationexeexploitation activityexploited hostextortionfake os updatefattfbi.gov impersonationftpftp brute forcegafgytgotoresolveguloaderhackinghajimehavochoneytrap honeypothtahttp brute forcehttp scannerhttpshunt.io datahuntioiframeiframe injectionindicatorinfostealeringress tool transferinjection attacksinternet of thingsintrusion detectioniot botnetiot securityiot targetediot/ics attackipv4ipv4_addressjpg-base64-loaderkraktenratlamplateral movementlazagnelnkloaderlummalummastealermailoney honeypotmalicious activitymalicious ipmalicious powershell activitymalicious scanmalicious sftp activitymalicious softwaremalicious ssh activitymalwaremalware behaviourmalware capturemalware scanningmamontmaskgramstealermassloggermetasploitmeterpretermipsmiraimirai botnetmoobotmozimsinc utility usagenetworknetwork attacksnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnetwork_service_exploitationnew caledonianjratoceaniaopendiropendir exposurep0fpassword attacksphphilippinesphishing attackphishing trapprocess injectionprotocol exploitationproxy protocolps1purelogstealerquasarquasarratransomwareratreact2shellreconnaissancereconnaissance activityredir-302redlinestealerremcosratremote accessremote servicesremote_accessresearchedresource hijackingrev-base64-loadersaint helena, ascension and tristan da cunhasalatstealerscanscannerscriptscripting attackssecurity policysensor-taggedsentrypeer botnetsftp attacksliversmtpsnakekeyloggersql injection attemptsssh attackssh monitoringsshdkitstealcstealersuperhsvcstealersystem disruptiont1005t1021t1021.001t1021.004t1027t1040t1041t1046t1053.005t1055t1059t1059.001t1059.003t1059.005t1059.007t1071t1071.001t1076t1078t1078.003t1083t1086t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1204t1204.001t1204.002t1486t1490t1496t1499.001t1499.002t1499.003t1547.001t1547.009t1555.003t1563t1565t1566t1588.004t1588.006t1592t1595t1595.001t1595.002t1595.003t1598tannertcptcp protocoltelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontpottrojan malwareua-wgetunited statesurlhausvalleyratvanlaratvidarvioletwormvipkeyloggervoip attackweb exploitationweb trafficwgetwsgidavx86x86-32xenoratxloaderxml-opendirxmrigxwormzip

Activity Timeline: 1 total observation (Jun 10 to Jun 10)

Threat Activity Heatmap (weekly grid, Jun through Jun) · Peak: 2026-06-10

Recent activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 14
First seen: Apr 24, 2025
Last seen: Jun 10, 2026
Geolocation: PH
Country: Philippines
Location: Lahug, Central Visayas
ASN: AS132199
Org: Globe Telecom
Coords: 10.3099, 123.8930

VirusTotal

5 / 91 vendors flagged (5% detection rate) · Jun 11, 2026

WHOIS

description: Scans hitting the server at TCP port 23 Telnet. The same IP address may appear more than once a day. S3#

raw:
inetnum: 112.198.192.0 - 112.198.255.255
netname: GBB-VISAYAS-IP-POOL
descr: GBB-VISAYAS-IP-POOL
country: PH
admin-c: GINA4-AP
tech-c: GINA4-AP
abuse-c: AG698-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-MGR-AP
mnt-irt: IRT-GLOBET-PH
last-modified: 2021-02-17T07:28:40Z
source: APNIC

irt: IRT-GLOBET-PH
address: The Globe Tower
address: 32nd Street corner 7th Avenue
address: Bonifacio Global City, Taguig
address: Philippines
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: GINA4-AP
tech-c: GINA4-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-03-26
mnt-by: MAINT-MGR-AP
last-modified: 2025-09-04T00:59:55Z
source: APNIC

role: ABUSE GLOBETPH
country: ZZ
address: The Globe Tower
address: 32nd Street corner 7th Avenue
address: Bonifacio Global City, Taguig
address: Philippines
phone: +000000000
e-mail: [email protected]
admin-c: GINA4-AP
tech-c: GINA4-AP
nic-hdl: AG698-AP
remarks: Generated from irt object IRT-GLOBET-PH
remarks: [email protected] was validated on 2025-03-26
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-03-26T01:21:25Z
source: APNIC

role: Globe IP Net Admin
address: Globe Telecom
country: PH
phone: +63-2-7977638
e-mail: [email protected]
admin-c: GINA4-AP
tech-c: GINA4-AP
nic-hdl: GINA4-AP
notify: [email protected]
mnt-by: MAINT-GT-GNET-AP
last-modified: 2019-08-14T06:41:56Z
source: APNIC

route: 112.198.192.0/22
origin: AS132199
descr: Globe Telecom (GMCR,INC) 14/F Globe Telecom Telepark 111 Valero St. Salcedo Village
mnt-by: MAINT-MGR-AP
last-modified: 2020-07-09T14:54:15Z
source: APNIC

references: https://urlhaus.abuse.ch/browse/

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 14 threat reports