IPMediumSignal 88/100
116.205.171.248
Location
ChinaGuangzhou, GD
ASN
AS55990
Huawei Public Cloud Service
First Seen
Apr 15, 2026
Last Seen
May 29, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
88%
Signal Score
88 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionGuangzhou, GD
ASNAS55990
OrganizationHuawei Public Cloud Service
Feed Intelligence Summary
17 reports88% confidence
17
Source reports
88%
Confidence score
Category tags
abuseactive scanactive scanningaptasiabad reputationbad web botbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebruteforcechinacncredential accesscredential stuffingexploitation activityhackingidentity & access exploitationindicatormalaysianetworkpassword attacksportscanreconnaissanceresearchedscannerscannersservice scansshssh attackt1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003telnetthreat actortor nodevultr
Activity Timeline
May 29May 29
Threat Activity Heatmap
· Peak: 2026-05-29LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
88
SIGNAL
Signal Score
88%
Confidence
17
Reports
First seenApr 15, 2026
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationGuangzhou, GD
ASNAS55990
OrgHuawei Public Cloud Service
Coords23.1181, 113.2539
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- inetnum: 116.205.128.0 - 116.205.255.255 netname: HWCSNET descr: Huawei Public Cloud Service (Huawei Software Technologies Ltd.Co) descr: No.2018 Xuegang Road,Bantian street,Longgang District, descr: Shenzhen,Guangdong Province, 518129 P.R.China country: CN admin-c: LL3172-AP tech-c: GX1759-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP mnt-irt: IRT-CNNIC-CN last-modified: 2022-04-18T05:40:24Z source: APNIC irt: IRT-CNNIC-CN address: Beijing, China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IP50-AP tech-c: IP50-AP auth: # Filtered remarks: Please note that CNNIC is not an ISP and is not remarks: empowered to investigate complaints of network abuse. remarks: Please contact the tech-c or admin-c of the network. remarks: [email protected] is invalid mnt-by: MAINT-CNNIC-AP last-modified: 2025-11-17T23:08:37Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN remarks: [email protected] is invalid abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-09-19T17:20:32Z source: APNIC person: Gui xiaowei address: HUAWEI CLOUD Data Center, Jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guizhou Province country: CN phone: +86-18566251984 e-mail: [email protected] nic-hdl: GX1759-AP mnt-by: MAINT-CNNIC-AP last-modified: 2022-04-18T05:32:41Z source: APNIC person: Liu Liqun address: HUAWEI CLOUD Data Center, Jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guizhou Province country: CN phone: +86-13360099887 e-mail: [email protected] nic-hdl: LL3172-AP mnt-by: MAINT-CNNIC-AP last-modified: 2022-04-18T05:33:15Z source: APNIC
- references
- https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-telnet-bruteforce-ip-list-2026-04-17/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-15/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 months ago · Last seen 24 days ago
Appeared in 17 threat reports