IP · Medium · Signal 57/100
119.45.248.246
Location
Nanjing, Jiangsu
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Mar 12, 2025
Last Seen
May 30, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Network Information
Country
China
Region
Nanjing, Jiangsu
ASN
AS45090
Organization
Tencent cloud computing (Beijing) Co., Ltd.
Feed Intelligence Summary
13 reports · 57% confidence
13
Source reports
57%
Confidence score
Category tags
Activity Timeline
May 30
Threat Activity Heatmap (peak: 2026-05-30)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
57
SIGNAL
Signal Score
57%
Confidence
13
Reports
First seen
Mar 12, 2025
Last seen
May 30, 2026
Geolocation
CN
Country
China
Location
Nanjing, Jiangsu
ASN
AS45090
Org
Tencent cloud computing (Beijing) Co., Ltd.
Coords
34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- seen in Redishoneypot; events=12; ports=6379; cc=CN; asn=45090; asn_org=Shenzhen Tencent Computer Systems Company Limited; cats=Generic Protocol Command Decode; redis_cmd_hits=0
- raw
- references
- https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-redis-bruteforce-ip-list-2025-07-27/, https://jamesbrine.com.au
IOC Journey
medium · First detected 1 year ago · Last seen 15 days ago
Appeared in 13 threat reports