IOC Radar
IP · Medium · Signal 100/100

117.48.157.75

Location: China, Beijing, Beijing
ASN: AS140292 (CloudVsp)
First Seen: May 22, 2025 (399d ago)
Last Seen: May 27, 2026 (29d ago)
Reports: 22 source reports
Confidence: 99% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 70 techniques

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS140292
Organization: CloudVsp

IP Category

Proxy (proxy server)

Feed Intelligence Summary

22 source reports, 99% confidence score.
Category tags:

Activity Timeline

1 total observation (May 27)

Threat Activity Heatmap

Calendar heatmap (Jun through the following Jun, weekday rows Mon/Wed/Fri) omitted. Peak: 2026-05-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (100 SIGNAL)
Signal Score: 99% Confidence
Reports: 22
First seen: May 22, 2025
Last seen: May 27, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS140292
Org: CloudVsp
Coords: 34.7732, 113.7220
Category: Proxy

VirusTotal: Not checked

WHOIS

description:
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap

raw:
inetnum: 117.48.128.0 - 117.48.159.255
netname: CloudVsp
descr: CloudVsp.Inc
country: CN
admin-c: HL2919-AP
tech-c: HL2919-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2021-11-24T23:55:50Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Huakun Li
nic-hdl: HL2919-AP
e-mail: [email protected]
address: NO.18 Building University of Technology
address: Beijing Economic-Technological Development Area
phone: +86-18101125590
fax-no: +86-10-87529719
country: CN
mnt-by: MAINT-CNNIC-AP
last-modified: 2014-04-21T01:48:01Z
source: APNIC

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d
ip.txt
https://example.com
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7331697387700146177-tmHu?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7331334354553491461-DTFV?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 29 days ago
Appeared in 22 threat reports