IOC Radar
IPMediumSignal 75/100

112.94.191.230

Location
ChinaChina
Guangzhou, GD
ASN
AS17622
China Unicom CHINA169 Guangdong Province Network
First Seen
Nov 30, 2025
Last Seen
May 23, 2026
Nov 30
First Seen
194d ago
May 23
Last Seen
19d ago
6
Reports
source reports
75%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

CountryCNChina
RegionGuangzhou, GD
ASNAS17622
OrganizationChina Unicom CHINA169 Guangdong Province Network

Feed Intelligence Summary

6 reports75% confidence
6
Source reports
75%
Confidence score
Category tags
abuseactive scanactive scanningasiabad reputationbad web botbotnet activitybrute forcebrute force attackbrute force attackerchinacncredential accesscredential stuffingexploitation activityexploited hosthackingidentity & access exploitationindicatornetworkpassword attacksportscanreconnaissanceresearchedscannerscannersservice scant1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003vultr

Activity Timeline

1 total obs
May 23May 23

Threat Activity Heatmap

· Peak: 2026-05-23
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
75
SIGNAL
Signal Score
75%
Confidence
6
Reports
First seenNov 30, 2025
Last seenMay 23, 2026
GeolocationCN
CountryChina
LocationGuangzhou, GD
ASNAS17622
OrgChina Unicom CHINA169 Guangdong Province Network
Coords23.1181, 113.2539

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
inetnum: 112.94.0.0 - 112.94.255.255 netname: GuangZhou-unicom descr: United-Communications-Network-Technology-Co-Ltd, GuangZhou country: CN admin-c: CG272-AP tech-c: CG272-AP abuse-c: AC1718-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-CNCGROUP-GD mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:20:11Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-10-17 mnt-by: MAINT-CNCGROUP last-modified: 2025-11-18T00:26:20Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-10-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-10-17T02:26:56Z source: APNIC role: CNCGROUP GD nic-hdl: CG272-AP e-mail: [email protected] address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China phone: +86-20-22214226 fax-no: +86-20-22214228 admin-c: RP181-AP tech-c: RP181-AP country: CN mnt-by: MAINT-CNCGROUP-GD last-modified: 2009-04-14T08:33:40Z source: APNIC route: 112.94.128.0/18 origin: AS17622 descr: China Unicom B811&A1218, China Unicom No.21, Jin-Rong Street mnt-by: MAINT-CNCGROUP-RR last-modified: 2023-06-08T07:54:54Z source: APNIC
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 6 months ago · Last seen 19 days ago
Appeared in 6 threat reports