IP · Medium · Signal 42/100
109.244.159.27
Location
Nanjing, Jiangsu
ASN
AS45090
Tencent Cloud Computing (Beijing) Co., Ltd
First Seen
Mar 12, 2025
Last Seen
Jun 6, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Network Information
Country
China
Region
Nanjing, Jiangsu
ASN
AS45090
Organization
Tencent Cloud Computing (Beijing) Co., Ltd
Feed Intelligence Summary
11 reports · 42% confidence
11
Source reports
42%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
42
SIGNAL
Signal Score
42%
Confidence
11
Reports
First seen: Mar 12, 2025
Last seen: Jun 6, 2026
Geolocation: CN
Country: China
Location: Nanjing, Jiangsu
ASN: AS45090
Org: Tencent Cloud Computing (Beijing) Co., Ltd
Coords: 32.0584, 118.7960
VirusTotal
Not checked
WHOIS
- description
- seen in Redishoneypot; events=10; ports=6379; cc=CN; asn=45090; asn_org=Shenzhen Tencent Computer Systems Company Limited; redis_cmd_hits=0
IOC Journey
medium · First detected 1 year ago · Last seen 15 days ago
Appeared in 11 threat reports