IOC Radar
IPMediumSignal 52/100

119.91.254.137

Location
ChinaChina
Guangzhou, Guangdong
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Apr 15, 2026
Last Seen
May 20, 2026
Apr 15
First Seen
62d ago
May 20
Last Seen
27d ago
5
Reports
source reports
52%
Confidence
medium
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

CountryCNChina
RegionGuangzhou, Guangdong
ASNAS45090
OrganizationTencent cloud computing (Beijing) Co., Ltd.

Feed Intelligence Summary

5 reports52% confidence
5
Source reports
52%
Confidence score
Category tags
abusech-threatfox-c2casiaazurebad reputationbeelinebotnetbotnet activityc2c2 panelchinacloud infrastructurecobaltstrikecommand & controleurope/asiahosting ipindicatormalwarenetworkproxyamransomwareresearchedrussiat1027t1055.001t1059.001t1071.001t1113t1125t1528technology llcthreat actortor nodevimpelcomwiki

Activity Timeline

1 total obs
May 20May 20

Threat Activity Heatmap

· Peak: 2026-05-20
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This IP address, 119.91.254.137, has been identified as a highly suspicious Command and Control (C2) server, scoring 52.18, which indicates a significant and immediate threat to our organization's security posture. Its strong association with Cobalt Strike, a legitimate penetration testing tool frequently exploited by sophisticated malicious actors, implies a high likelihood of advanced post-exploitation activities within any compromised system. Detection of communication with this C2 server sig…

Threat ScoreMedium Risk
52
SIGNAL
Signal Score
52%
Confidence
5
Reports
First seenApr 15, 2026
Last seenMay 20, 2026
GeolocationCN
CountryChina
LocationGuangzhou, Guangdong
ASNAS45090
OrgTencent cloud computing (Beijing) Co., Ltd.
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description
The following is the full list of names given to Vye32GsS2g38eKhmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA
raw
inetnum: 119.91.0.0 - 119.91.255.255 netname: TencentCloud descr: Tencent cloud computing (Beijing) Co., Ltd. descr: Floor 6, Yinke Building,38 Haidian St,Haidian District Beijing country: CN admin-c: JT1125-AP tech-c: JX1747-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-BTMNET-CN last-modified: 2019-01-31T00:48:47Z source: APNIC irt: IRT-BTMNET-CN address: Rm.508,5/F,Full Link Plaza No.18 Chaoyangmenwai Ave.beijing P.R.C e-mail: [email protected] abuse-mailbox: [email protected] admin-c: PW445-AP tech-c: OL53-AP auth: # Filtered mnt-by: MAINT-CNNIC-AP last-modified: 2025-11-18T00:26:26Z source: APNIC person: James Tian address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-84952 e-mail: [email protected] nic-hdl: JT1125-AP mnt-by: MAINT-CNNIC-AP last-modified: 2024-03-19T08:21:31Z source: APNIC person: Jimmy Xiao address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern address: District of Hi-tech Park, Shenzhen country: CN phone: +86-755-86013388-80224 e-mail: [email protected] nic-hdl: JX1747-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-17T00:38:09Z source: APNIC route: 119.91.0.0/16 origin: AS45090 descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District, mnt-by: MAINT-CNNIC-AP last-modified: 2020-02-25T01:15:48Z source: APNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 27 days ago
Appeared in 5 threat reports