IOC Radar
IPMediumSignal 100/100

119.53.61.184

Location
ChinaChina
Jilin, Jilin
ASN
AS4837
CNC Group CHINA169 Jilin Province Network
First Seen
Mar 31, 2025
Last Seen
Feb 15, 2026
Mar 31
First Seen
439d ago
Feb 15
Last Seen
118d ago
21
Reports
source reports
99%
Confidence
medium
4/91
VirusTotal
detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

51 techniques

Network Information

CountryCNChina
RegionJilin, Jilin
ASNAS4837
OrganizationCNC Group CHINA169 Jilin Province Network

Feed Intelligence Summary

21 reports99% confidence
21
Source reports
99%
Confidence score
Category tags
abuseaccess controlactive scanningapacheapache attackeraptasiaattackaustraliaauthentication abuseauthentication attackautomated attackbotnetbrute forcebrute force attackbrute force attemptc&cc2chinacommand and controlcommunication protocolcommunication technologiescompromised credentialscompromised devicecompromised hostcompromised systemcowrie honeypotcredential accesscredential stuffingcredential stuffing attemptsdata exfiltrationddosdecoy systemdenial of servicedistributed attackseuropeexploit attemptsexploited hostfail2ban triggeredfailed login attemptsfinlandfranceftp brute forcegermanyhackinghoneynet connecthoneytrap honeypothttp brute forceindicatorintrusion detectionlamplateral movementlogin attacklogin attemptlogin attempt failuresmalicious activitymalicious payloadmalicious sftp activitymalicious softwaremalicious ssh activitymalwaremalware propagationmalware scanningmobile carriersmobile networksnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork probenetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork trafficnorth americaoceaniapassword attackpassword attackspolandprocess injectionprotocol exploitationreconnaissanceremote accessremote service exploitationremote servicesresearchedscannerscanning activitysecurity operationssecurity policysftp attacksmb brute forcesmtp brute forcesql injection attemptsssh attackssh monitoringt1003t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.002t1078.003t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1210t1486t1496t1497t1499.001t1499.002t1499.003t1563t1565t1566t1588t1589t1592t1595t1595.001t1595.002t1595.003tcp protocoltcp scantelecom servicestelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventionudp scanunauthorized accessunauthorized access attemptunauthorized login attemptsunited kingdomunited statesweb application attackweb exploitation

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
21
Reports
First seenMar 31, 2025
Last seenFeb 15, 2026
GeolocationCN
CountryChina
LocationJilin, Jilin
ASNAS4837
OrgCNC Group CHINA169 Jilin Province Network
Coords43.8378, 126.5490

VirusTotal

4/ 91vendors flagged
4% detection rateJun 8, 2026

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 119.48.0.0 - 119.55.255.255 netname: UNICOM-JL descr: China Unicom Jilin province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: WT92-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-JL mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:12:08Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: Wang Tiegang nic-hdl: WT92-AP e-mail: [email protected] address: NO.3535,Renmin Street, ChangChun , address: Jilin province , 130021 , P.R. China phone: +86-0431-87022560 fax-no: +86-0431-87022420 country: CN mnt-by: MAINT-CNCGROUP-JL last-modified: 2020-07-03T00:43:16Z source: APNIC route: 119.48.0.0/13 descr: CNC Group CHINA169 Jilin Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:55:11Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 21 threat reports