IP · Medium · Signal 65/100
121.22.99.2
Location
Chengde, Hebei
ASN
AS4837
CNC Group CHINA169 Hebei Province Network
First Seen
Jul 27, 2022
Last Seen
Jun 8, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Network Information
Country
China
Region: Chengde, Hebei
ASN: AS4837
Organization: CNC Group CHINA169 Hebei Province Network
Feed Intelligence Summary
32 source reports · 65% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Geolocation: CN
Country: China
Location: Chengde, Hebei
ASN: AS4837
Org: CNC Group CHINA169 Hebei Province Network
Coords: 40.9515, 117.9630
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
- raw
- inetnum: 121.16.0.0 - 121.23.255.255
  netname: UNICOM-HE
  descr: China Unicom Hebei province network
  descr: China Unicom
  country: CN
  admin-c: CH1302-AP
  tech-c: KL984-AP
  abuse-c: AC1718-AP
  status: ALLOCATED PORTABLE
  remarks: service provider
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CNCGROUP-HE
  mnt-routes: MAINT-CNCGROUP-RR
  mnt-irt: IRT-CU-CN
  last-modified: 2023-10-21T03:33:57Z
  source: APNIC

  irt: IRT-CU-CN
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-02-24
  mnt-by: MAINT-CNCGROUP
  last-modified: 2025-02-24T06:16:57Z
  source: APNIC

  role: ABUSE CUCN
  country: ZZ
  address: No.21,Financial Street
  address: Beijing,100033
  address: P.R.China
  phone: +000000000
  e-mail: [email protected]
  admin-c: CH1302-AP
  tech-c: CH1302-AP
  nic-hdl: AC1718-AP
  remarks: Generated from irt object IRT-CU-CN
  remarks: [email protected] was validated on 2025-02-24
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-02-24T06:17:45Z
  source: APNIC

  person: ChinaUnicom Hostmaster
  nic-hdl: CH1302-AP
  e-mail: [email protected]
  address: No.21,Jin-Rong Street
  address: Beijing,100033
  address: P.R.China
  phone: +86-10-66259764
  fax-no: +86-10-66259764
  country: CN
  mnt-by: MAINT-CNCGROUP
  last-modified: 2017-08-17T06:13:16Z
  source: APNIC

  person: Kong Lingfei
  nic-hdl: KL984-AP
  e-mail: [email protected]
  address: 45, Guang An Street, Shi Jiazhuang City, HeBei Province,050011,CN
  phone: +86-311-86681601
  fax-no: +86-311-86689210
  country: cn
  mnt-by: MAINT-CNCGROUP-HE
  last-modified: 2009-02-06T02:31:32Z
  source: APNIC

  route: 121.16.0.0/13
  descr: CNC Group CHINA169 Hebei Province Network
  country: CN
  origin: AS4837
  mnt-by: MAINT-CNCGROUP-RR
  last-modified: 2008-09-04T07:54:47Z
  source: APNIC
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://lists.blocklist.de/lists/mail.txt
IOC Journey
Medium · First detected 3 years ago · Last seen 2 days ago
Appeared in 32 threat reports