IOC Radar
IP · Medium · Signal 100/100

117.48.147.13

Location: China (Beijing, Beijing)
ASN: AS140292 (CloudVsp)
First Seen: Oct 22, 2024 (597d ago)
Last Seen: May 5, 2026 (37d ago)
Reports: 20 source reports
Confidence: 99% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

49 techniques

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS140292
Organization: CloudVsp

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 20
Confidence score: 99%
Category tags
abuse, access control, account takeover attempts, active scan, active scanning, asia, atif feed, attack, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication failures, auto-generated security, automated attack, banlist feed, binary defense, blacklisted ip, botnet, brute force, brute force attack, brute force attempt, brute force attempts, brute-forc, brute-force, c2 server, china, cisco device, cn, command and control, communication protocol, compromised credentials, compromised hosts, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data theft, ddos, decoy system, device management, digitalocean vps, dionaea honeypot, distributed attacks, enterprise networking, europe, external ip, fail2ban blocked ip, fail2ban triggered, failed login, ftp, ftp brute force, honeytrap honeypot, info, information technology, infrastructure acquisitionreconnaissance, initial access, intrusion detection, ioc, it infrastructure, lamp, log analysis, login attempts, malicious activity, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, multiple failed attempts, multiple failed logins, network, network attacks, network infrastructure, network intrusion, network probing, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, north america, notice, oceania, password attack, password attacks, password cracking, phishing attack, process injection, protocol exploitation, proxy, reconnaissance, remote access, researched, scanner, scanning activity, security operations, security policy, service exploitation, sftp attack, social engineering, software development, spam, ssh, ssh attack, ssh monitoring, syn scan, system access, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071, t1071.001, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1588, t1588.002, t1589, t1589.002, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tpotce, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, united kingdom, united states, valid accounts, web login

Activity Timeline

1 total obs (May 5 to May 5)

Threat Activity Heatmap

Peak: 2026-05-05
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 20
First seen: Oct 22, 2024
Last seen: May 5, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS140292
Org: CloudVsp
Coords: 34.7732, 113.7220
Proxy

VirusTotal

Not checked

WHOIS

description:
2024-11-15T23:17:00.186Z Honeypot : Cowrie : Source: 117.48.147.13 Data: Connection lost after 2 seconds

raw:
inetnum: 117.48.128.0 - 117.48.159.255
netname: CloudVsp
descr: CloudVsp.Inc
country: CN
admin-c: HL2919-AP
tech-c: HL2919-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2021-11-24T23:55:50Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Huakun Li
nic-hdl: HL2919-AP
e-mail: [email protected]
address: NO.18 Building University of Technology
address: Beijing Economic-Technological Development Area
phone: +86-18101125590
fax-no: +86-10-87529719
country: CN
mnt-by: MAINT-CNNIC-AP
last-modified: 2014-04-21T01:48:01Z
source: APNIC

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 20 threat reports