IOC Radar
IPMediumSignal 42/100

112.94.253.97

Location
ChinaChina
Guangzhou, GD
ASN
AS17622
China Unicom CHINA169 Guangdong Province Network
First Seen
Dec 19, 2021
Last Seen
Apr 12, 2026
Dec 19
First Seen
1645d ago
Apr 12
Last Seen
70d ago
12
Reports
source reports
42%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

52 techniques

Network Information

CountryCNChina
RegionGuangzhou, GD
ASNAS17622
OrganizationChina Unicom CHINA169 Guangdong Province Network

IP Category

Proxy
Proxy server

Feed Intelligence Summary

12 reports42% confidence
12
Source reports
42%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningasiaattackauto-generated securitybad reputationbad web botblog spambotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attacksc2c2 communicationchinacncommand & controlcommand and controlcompromised devicecompromised hostcompromised hostscompromised systemcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos preparationdecoy systemdenial of servicedistributed attacksexploit attemptsexploitation activityexploited hostftp brute forcehackinghttp scanninghttps scanningidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinjection activitylateral movementmalicious activitymalicious softwaremalwaremalware distributionmanualnetworknetwork enumerationnetwork intrusionnetwork scanningnetwork securitynetwork trafficpassword attacksphishingphishing attackprocess injectionprotocol exploitationproxyproxy activityreconnaissanceresearchedscannersecurity policysmtp scanningsocial engineeringspamssh attackt1003t1005t1016t1018t1021t1040t1043t1047t1053t1053.005t1055t1056t1059t1071t1071.001t1071.002t1071.004t1078t1083t1090t1090.001t1090.002t1090.003t1105t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1497t1499.001t1499.002t1499.003t1550t1552t1555t1556t1565t1566t1566.001t1566.002t1566.003t1573t1587.001t1590.001t1595.001t1595.002t1595.003telnet threatthreat actorthreat intelligencethreat preventiontor nodetsecweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Apr 12Apr 12

Threat Activity Heatmap

· Peak: 2026-04-12
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
42
SIGNAL
Signal Score
42%
Confidence
12
Reports
First seenDec 19, 2021
Last seenApr 12, 2026
GeolocationCN
CountryChina
LocationGuangzhou, GD
ASNAS17622
OrgChina Unicom CHINA169 Guangdong Province Network
Coords23.1181, 113.2539
Proxy

VirusTotal

Not checked

WHOIS

raw
inetnum: 112.94.0.0 - 112.94.255.255 netname: GuangZhou-unicom descr: United-Communications-Network-Technology-Co-Ltd, GuangZhou country: CN admin-c: CG272-AP tech-c: CG272-AP abuse-c: AC1718-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-CNCGROUP-GD mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:20:11Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-09-04T05:18:38Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC role: CNCGROUP GD nic-hdl: CG272-AP e-mail: [email protected] address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China phone: +86-20-22214226 fax-no: +86-20-22214228 admin-c: RP181-AP tech-c: RP181-AP country: CN mnt-by: MAINT-CNCGROUP-GD last-modified: 2009-04-14T08:33:40Z source: APNIC route: 112.94.128.0/17 origin: AS17622 descr: China Unicom B811&A1218, China Unicom No.21, Jin-Rong Street mnt-by: MAINT-CNCGROUP-RR last-modified: 2023-06-08T07:54:53Z source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 2 months ago
Appeared in 12 threat reports