IOC Radar
IP · Medium · Signal 40/100

120.25.196.97

Location: Shenzhen, GD, China
ASN: AS37963 (Alibaba.com LLC)
First Seen: Jun 22, 2024 (722d ago)
Last Seen: Apr 5, 2026 (70d ago)
Reports: 21 source reports
Confidence: 40% (medium)
Found in 21 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 41 techniques

Network Information

Country: CN (China)
Region: Shenzhen, GD
ASN: AS37963
Organization: Alibaba.com LLC

Feed Intelligence Summary

21 source reports, 40% confidence score
Category tags
abuse, abuseipdb, access, access control, action, active scan, active scanning, asia, attack, auto-generated security, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attacks, c2, cert, china, cn, command & control, command and control, communication protocol, config, connect, cowrie, cowrie detected, cowrie honeypot, credential access, credential harvesting, credential stuffing, css, data exfiltration, data store exposure, database security, ddos, decoy system, dictionary attack, dionaea, dionaea detected, dionaea honeypot, distributed attacks, elasticpot detected, elasticpot honeypot, elasticsearch monitoring, email, enumeration activity, executable file, exploit, exploit attempt, exploit attempts, exploitation activity, fin scan, firewall detection, ftp, ftp brute force, github, groups, honeytrap honeypot, identity & access exploitation, indicator, info, infrastructure acquisition reconnaissance, injection activity, iot security, lamp, linux, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, manual, network, network activity, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, null scan, open port discovery, password attack, password attacks, phishing, phishing attack, phishing trapping, possible malicious activity, potential vulnerability assessment, process injection, python, ransomware, reconnaissance, redis honeypot, redishoneypot, researched, resource hijacking, rtbh, scanner, script, security policy, sentrypeer botnet, server, service discovery, service scan, service version detection, sftp, sftp attack, sip, sip brute force, sip scanning, slug, social engineering, socradar, ssh, ssh attack, ssh monitoring, surface web, syn scan, t1016, t1018, t1021, t1040, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071.001, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner detected, targeting database, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, voip, voip attack, vulnerability scan, xmas scan

Activity Timeline

1 total observation (Apr 5)

Threat Activity Heatmap (Jun to Jun; peak: 2026-04-05)

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 40
Confidence: 40%
Reports: 21
First seen: Jun 22, 2024
Last seen: Apr 5, 2026
Geolocation: CN
Country: China
Location: Shenzhen, GD
ASN: AS37963
Org: Alibaba.com LLC
Coords: 22.5318, 114.1374

VirusTotal

Not checked

WHOIS

description
2025-04-06T01:10:04.000Z Honeypot : Redishoneypot : Source: 120.25.196.97 : Port: 6379 Action: NewConnect Message:
raw

inetnum: 120.24.0.0 - 120.27.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
descr: 5F, Builing D, the West Lake International Plaza of S&T
descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
country: CN
admin-c: ZM1015-AP
tech-c: ZM877-AP
tech-c: ZM876-AP
tech-c: ZM875-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-ALISOFT-CN
last-modified: 2023-11-28T00:57:00Z
source: APNIC

irt: IRT-ALISOFT-CN
address: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: ZM877-AP
tech-c: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-05T23:38:36Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Li Jia
address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
country: CN
phone: +86-0571-85022088
e-mail: [email protected]
nic-hdl: ZM1015-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:12:42Z
source: APNIC

person: Guoxin Gao
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022600
fax-no: +86-0571-85022600
e-mail: [email protected]
nic-hdl: ZM875-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2014-07-30T01:56:01Z
source: APNIC

person: security trouble
e-mail: [email protected]
address: 5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen??r Road
address: Hangzhou, Zhejiang, China
phone: +86-0571-85022600
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: ZM876-AP
last-modified: 2025-07-01T07:06:11Z
source: APNIC

person: Guowei Pan
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022088-30763
fax-no: +86-0571-85022600
e-mail: [email protected]
nic-hdl: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:05:46Z
source: APNIC

route: 120.24.0.0/14
descr: Hangzhou Alibaba Advertising Co.,Ltd.
country: CN
origin: AS37963
mnt-by: MAINT-CNNIC-AP
last-modified: 2019-08-07T23:28:05Z
source: APNIC

route: 120.24.0.0/14
descr: Alibaba (US) Technology Co., Ltd.
country: CN
origin: AS45102
mnt-by: MAINT-CNNIC-AP
last-modified: 2019-08-07T23:28:03Z
source: APNIC

references

https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://list.rtbh.com.tr/output.txt
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 21 threat reports