IOC Radar
IP · Medium · Signal 81/100

114.96.89.69

Location: China (Hangzhou, AH)
ASN: AS4134 (Chinanet AH)
First Seen: Dec 17, 2024 (540d ago)
Last Seen: Apr 17, 2026 (54d ago)
Reports: 21 source reports
Confidence: 81% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Threat Context
Tags / MITRE ATT&CK
MITRE ATT&CK TTPs: 38 techniques

Network Information

Country: CN (China)
Region: Hangzhou, AH
ASN: AS4134
Organization: Chinanet AH

Feed Intelligence Summary

21 source reports · 81% confidence score
Activity Timeline

1 total observation (Apr 17)

Threat Activity Heatmap (Jun to Jun) · Peak: 2026-04-17
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Intelligence Summary (AI generated)

This Indicator of Compromise (IOC), an IPv4 address, signals a significant and immediate threat to organizational security, warranting critical attention. Its high score of 80.59, coupled with its explicit non-whitelisted status, indicates a strong likelihood of malicious intent and active involvement in hostile operations. This address has been consistently linked to the use of Cobalt Strike, a notorious post-exploitation framework often leveraged by sophisticated threat actors for command and …

Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 21
First seen: Dec 17, 2024
Last seen: Apr 17, 2026
Geolocation: CN
Country: China
Location: Hangzhou, AH
ASN: AS4134
Org: Chinanet AH
Coords: 29.7165, 116.8103

VirusTotal: Not checked

WHOIS

description: ip:port combination that is used for botnet Command&control (C&C)

raw:
inetnum: 114.96.0.0 - 114.103.255.255
netname: CHINANET-AH
descr: CHINANET Anhui PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: JW89-AP
tech-c: JW89-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-AH
mnt-routes: MAINT-CHINANET-AH
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:06:13Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Jinneng Wang
address: 17/F, Postal Building No.120 Changjiang
address: Middle Road, Hefei, Anhui, China
country: CN
phone: +86-551-2659073
fax-no: +86-551-2659287
e-mail: [email protected]
nic-hdl: JW89-AP
mnt-by: MAINT-CHINANET-AH
last-modified: 2014-02-21T01:19:43Z
source: APNIC

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 21 threat reports