IP · Medium · Signal 100/100
120.27.144.148
Location
Hangzhou, Zhejiang
ASN
AS37963
Alibaba.com LLC
First Seen
May 12, 2024
Last Seen
Feb 28, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
China
Region: Hangzhou, Zhejiang
ASN: AS37963
Organization: Alibaba.com LLC
Feed Intelligence Summary
Source reports: 15
Confidence score: 99%
Activity Timeline: Feb 28
Threat Activity Heatmap · Peak: 2026-02-28
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 15
First seen: May 12, 2024
Last seen: Feb 28, 2026
Geolocation: CN
Country: China
Location: Hangzhou, Zhejiang
ASN: AS37963
Org: Alibaba.com LLC
Coords: 30.2742, 120.1550
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=cowrie, p0f, suricata; threshold?1; private IPs excluded.
IOC Journey
Medium · First detected 2 years ago · Last seen 3 months ago
Appeared in 15 threat reports