IOC Radar
IP · Medium · Signal 100/100

120.84.215.236

Location: China (Guangzhou, Guangdong)
ASN: AS17816 (CNC Group CHINA169 Guangdong Province Network)
First Seen: Apr 10, 2025 (443d ago)
Last Seen: Jan 16, 2026 (162d ago)
Reports: 10 source reports
Confidence: 99% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

36 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS17816
Organization: CNC Group CHINA169 Guangdong Province Network

Feed Intelligence Summary

Source reports: 10
Confidence score: 99%
Category tags: active scanning, arm, ascii, asia, asyncrat, backdoor, base64-loader, botnet, botnetdomain, brute force attack, censys, china, clipboardhijacker, code injection, coinminer, command and control, command execution, credential access, credential harvesting, credential stuffing, darktortilla, darkvisionrat, data exfiltration, dbatloader, dcrat, ddos, ddos attacks, ddosagent, distributed attacks, dll, doc, dropped-by-lummastealer, elf, encoded, exe, exploited host, fakecaptcha, gafgyt, getshell, guloader, hacking, hajime, hijackloader, hta, html, indicator, internet of things, iot botnet, iot/ics attack, jpg-base64-loader, loki, lummastealer, malicious powershell activity, malicious software, malware, meterpreter, mips, mirai botnet, modiloader, moobot, mozi, msi, network, network scanning, opendir, password attacks, phishing attack, process injection, ps1, quasarrat, raccoonclipper, rat, reconnaissance, remcosrat, remote access, researched, rev-base64-loader, saint helena, ascension and tristan da cunha, scanner, scripting attacks, sliver, smartloader, smoke loader, social engineering, sshdkit, t1027, t1055, t1059, t1059.001, t1059.007, t1071, t1071.001, t1078, t1086, t1105, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1204, t1204.001, t1204.002, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1583, t1588, t1589, t1592, t1595.001, t1595.002, t1595.003, tsunami, ua-wget, vidar, vipkeylogger, web exploitation, xloader, xworm, zip

Activity Timeline

1 total obs, Jan 16 to Jan 16

Threat Activity Heatmap

Peak: 2026-01-16
[Heatmap: activity by day, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 10
First seen: Apr 10, 2025
Last seen: Jan 16, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS17816
Org: CNC Group CHINA169 Guangdong Province Network
Coords: 23.1181, 113.2539

VirusTotal

Not checked

WHOIS

inetnum: 120.80.0.0 - 120.87.255.255
netname: UNICOM-GD
descr: China Unicom Guangdong province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: RP181-AP
abuse-c: AC1718-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-GD
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CU-CN
last-modified: 2023-10-21T03:29:33Z
source: APNIC

irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-CNCGROUP
last-modified: 2025-09-10T13:07:04Z
source: APNIC

role: ABUSE CUCN
country: ZZ
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
phone: +000000000
e-mail: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
nic-hdl: AC1718-AP
remarks: Generated from irt object IRT-CU-CN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-09-10T13:08:11Z
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
mnt-by: MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
source: APNIC

person: runkeng pan
nic-hdl: RP181-AP
e-mail: [email protected]
address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
phone: +86-20-22214174
fax-no: +86-20-22212266-4174
country: CN
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2015-12-16T03:32:02Z
source: APNIC

route: 120.80.0.0/13
descr: CNC Group CHINA169 Guangdong Province Network
country: CN
origin: AS17816
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2008-09-04T07:55:15Z
source: APNIC
references
https://urlhaus.abuse.ch/browse/


IOC Journey

medium
First detected 1 year ago · Last seen 5 months ago
Appeared in 10 threat reports