IOC Radar
IP · Medium · Signal 54/100

120.48.33.83

Location: China, Beijing, Beijing
ASN: AS38365 (Beijing Baidu Netcom Science and Technology Co., Ltd.)
First Seen: Apr 10, 2025 (426 days before this snapshot)
Last Seen: Apr 7, 2026 (65 days before this snapshot)
Reports: 14 source reports
Confidence: 54% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context

Tags: listed under Category tags in the Feed Intelligence Summary below.
MITRE ATT&CK TTPs: 60 techniques, carried as the t-prefixed IDs in that tag list (T1110 Brute Force with its sub-techniques, T1190 Exploit Public-Facing Application, T1595 Active Scanning, T1046 Network Service Discovery and T1021 Remote Services among them). The tag list spans all 14 source reports and includes generic feed labels (countries, honeypot sensor names), so the TTPs reflect how the feeds categorize their observations rather than behaviour the page attributes to this single address.

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS38365
Organization: Beijing Baidu Netcom Science and Technology Co., Ltd.

Feed Intelligence Summary

14 source reports · 54% confidence score

Category tags:
abuse, account compromise, active scan, active scanning, adbhoney activity, adbhoney honeypot, asia, attack, bad reputation, blacklisted ips, botnet, botnet activity, brute force, brute force attack, brute force attempts, c2, cert, china, cisco device, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, command execution, communication protocol, compromised hosts, compromised system, conpot activity, conpot honeypot, cowrie activity, cowrie detected, cowrie honeypot, cowrie honeypot data, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, credential_access, data exfiltration, data exploitation, data store exposure, database attack, database probing, database security, ddos, ddos attack, decoy system, denial of service, device management, dictionary attack, dionaea activity, dionaea detected, dionaea honeypot, dionaea malware detection, distributed attacks, elasticpot detected, elasticpot honeypot, elasticsearch monitoring, enterprise networking, europe, exploit attempt, exploit kit activity, exploitation activity, external reconnaissance, failed login, france, ftp brute force, hacking, heralding activity, honeytrap activity, honeytrap honeypot, http brute force, http flood, http probing, http request anomaly, ics security, identity & access exploitation, indicator, industrial control systems, infected hosts, initial access, injection activity, ioc, iot exploitation, iot security, iot/ics attack, iplist, ipphoney activity, ipphoney honeypot, lamp, lamp attacks, lamp stack targeting, lateral movement, login attempt, mailoney activity, mailoney honeypot, malicious activity, malicious code detection, malicious domains, malicious ips, malicious software, malicious traffic, malicious urls, malware, malware behaviour, malware c2, malware capture, malware distribution, malware propagation, network, network attacks, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network traffic, network traffic analysis, network_scanning, north america, password attack, password attacks, password_attack, phishing, phishing attack, phishing trapping of death, poland, possible malicious activity, potential reconnaissance, process injection, protocol exploitation, ransomware, reconnaissance, redis honeypot, remote access, remote service, remote services, researched, resource hijacking, scanner, scanning activity, scripting attacks, sentrypeer botnet, server exploitation, sftp access attempts, sftp activity, sftp attack, sftp attempt, sftp intrusion attempt, shell, sip brute force, sip scanning, sip vulnerability exploitation, social engineering, socradar, sql injection attempt, sql injection attempts, ssh attack, ssh monitoring, syn flood,
t1005, t1016, t1021, t1021.001, t1021.002, t1021.003, t1021.006, t1040, t1041, t1046, t1053, t1055, t1057, t1059, t1059.001, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1071.004, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1204.002, t1486, t1496, t1497.001, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1589, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner detected, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, unauthorized access, unauthorized access attempts, unidentified threat actor, united states, voip, voip attack, vulnerability scan, web application attacks, web attack, web exploitation
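The tag list carries "redis honeypot", "brute force" and T1110, and the feed description further down the page says the address was seen brute-forcing Redis on a honeypot, yet the page records no IDS rule for it. The detection a practitioner would want is shown below as an added example; it is not code from IOC Radar or from T-Pot. The JSON-lines log format, the thresholds and the post-burst command watchlist are all assumptions, and the sample log is constructed.

```python
"""Detect Redis brute-force sources in honeypot logs.

Added example for this page; not code from IOC Radar or T-Pot.  The
JSON-lines format below is constructed for illustration and is not T-Pot's
real log schema: each record carries a UTC timestamp, the client IP/port,
the Redis command name and its arguments.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log. 120.48.33.83 is the IOC on this page; the second
# source is a TEST-NET address standing in for benign background noise.
SAMPLE_LOG = """
{"ts": "2026-04-07T03:12:01Z", "src_ip": "120.48.33.83", "src_port": 51122, "cmd": "AUTH", "args": ["123456"]}
{"ts": "2026-04-07T03:12:01Z", "src_ip": "120.48.33.83", "src_port": 51123, "cmd": "AUTH", "args": ["password"]}
{"ts": "2026-04-07T03:12:02Z", "src_ip": "120.48.33.83", "src_port": 51124, "cmd": "AUTH", "args": ["redis"]}
{"ts": "2026-04-07T03:12:02Z", "src_ip": "120.48.33.83", "src_port": 51125, "cmd": "AUTH", "args": ["admin"]}
{"ts": "2026-04-07T03:12:03Z", "src_ip": "120.48.33.83", "src_port": 51126, "cmd": "AUTH", "args": ["root"]}
{"ts": "2026-04-07T03:12:04Z", "src_ip": "120.48.33.83", "src_port": 51127, "cmd": "CONFIG", "args": ["GET", "dir"]}
{"ts": "2026-04-07T03:15:00Z", "src_ip": "198.51.100.7", "src_port": 40000, "cmd": "INFO", "args": []}
{"ts": "2026-04-07T03:20:00Z", "src_ip": "198.51.100.7", "src_port": 40001, "cmd": "AUTH", "args": ["guest"]}
"""

# Tunables (assumed values, not taken from the page).
AUTH_THRESHOLD = 5       # this many AUTH commands from one source ...
WINDOW_SECONDS = 60      # ... within a sliding window of this length
# Commands worth calling out when they follow a burst of AUTH attempts (assumed watchlist).
WATCH_CMDS = {"CONFIG", "SLAVEOF", "REPLICAOF", "MODULE", "DEBUG"}


def parse_record(line):
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect_bruteforce(log_text, threshold=AUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: alert} for every source that sent `threshold` or more
    AUTH commands within any `window`-second span.  A honeypot has no valid
    password, so every AUTH is a failed guess and the raw count is the signal."""
    recent = defaultdict(deque)      # src_ip -> AUTH timestamps inside the sliding window
    total_auth = defaultdict(int)    # src_ip -> AUTH attempts seen overall
    passwords = defaultdict(set)     # src_ip -> distinct passwords tried
    alerts = {}
    for raw in log_text.strip().splitlines():
        rec = parse_record(raw)
        ip, cmd, args, ts = rec["src_ip"], rec["cmd"].upper(), rec["args"], rec["ts"]
        if cmd == "AUTH":
            q = recent[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window:   # expire old attempts
                q.popleft()
            total_auth[ip] += 1
            if args:                 # AUTH [username] password: the last argument is the password
                passwords[ip].add(args[-1])
            if ip in alerts:         # keep an open alert's counters current
                alerts[ip]["last"] = ts.isoformat()
                alerts[ip]["attempts"] = total_auth[ip]
                alerts[ip]["distinct_passwords"] = len(passwords[ip])
            elif len(q) >= threshold:
                alerts[ip] = {
                    "first": q[0].isoformat(), "last": ts.isoformat(),
                    "attempts": total_auth[ip],
                    "distinct_passwords": len(passwords[ip]),
                    "post_burst_commands": [],
                }
        elif cmd in WATCH_CMDS and ip in alerts:
            # Anything on the watchlist after the burst is worth a second look.
            alerts[ip]["post_burst_commands"].append(" ".join([cmd, *args]))
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {a['attempts']} AUTH attempts ({a['distinct_passwords']} distinct passwords) "
              f"between {a['first']} and {a['last']}; follow-up: {a['post_burst_commands'] or 'none'}")
```

Counting every AUTH works only because a honeypot has no valid credential. On a production Redis 6 or later the equivalent signal is the server's own failure record (ACL LOG), or the "-ERR invalid password" / "WRONGPASS" replies in a network capture, so the same windowed counter should be fed from those rather than from raw AUTH commands.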

Activity Timeline

1 total observation: Apr 7 to Apr 7.
Note the gap between this timeline and the header: 14 source reports and a first-seen of Apr 10, 2025, but only one timeline observation (Apr 7, 2026). The per-report dates are not shown on the page, so the earlier first-seen date cannot be tied to a sensor observation here.

Threat Activity Heatmap

Twelve-month calendar grid (Jun to Jun, Mon/Wed/Fri rows); peak: 2026-04-07.

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk (54)
Signal Score: 54
Confidence: 54%
Reports: 14
First seen: Apr 10, 2025
Last seen: Apr 7, 2026
Geolocation: CN (China), Beijing, Beijing
ASN: AS38365
Org: Beijing Baidu Netcom Science and Technology Co., Ltd.
Coords: 39.9116, 116.3510

VirusTotal: Not checked

WHOIS

Description (feed context, not a WHOIS field): IPv4 hosts detected attempting to brute force Redis on private honeypot

Raw (APNIC objects):

inetnum: 120.48.0.0 - 120.49.255.255
netname: Baidu
descr: Beijing Baidu Netcom Science and Technology Co., Ltd.
descr: Baidu Plaza, No.10, Shangdi 10th street,
descr: Haidian District Beijing,100080
country: CN
admin-c: BN261-AP
tech-c: BN261-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-BAIDU-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2024-03-11T23:28:49Z
source: APNIC

irt: IRT-Baidu-CN
address: 12f,lixiang building ,zhongguancun,beijing
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: ZKY3-AP
tech-c: ZKY3-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-05T23:38:37Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Baidu Noc
address: Baidu Campus,NO.10 Shangdi 10th Street,Haidian District,Beijing The People's Republic of China 100085
country: CN
phone: +86-18110062082
e-mail: [email protected]
nic-hdl: BN261-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2024-03-11T23:28:23Z
source: APNIC

References:
https://github.com/telekom-security/tpotce
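The raw WHOIS above is the page's copy of the APNIC objects, rendered on one line. The following is an added example, not code from IOC Radar or from any whois client: it splits such text back into objects, finds the allocation containing the IOC, converts the range to CIDR and resolves the abuse contacts an incident responder would notify. SAMPLE_WHOIS is a constructed, shortened copy of the page's four objects with the mailboxes and phone numbers replaced by example.com and zeroed placeholders.

```python
"""Parse run-together RPSL whois text and pull out what a responder needs.

Added example for this page, not code from IOC Radar or any whois client.
SAMPLE_WHOIS is a constructed, shortened copy of the four APNIC objects the
page shows (inetnum, irt, role, person), flattened onto one line the way the
page renders them, with mailboxes and phones replaced by placeholders.
"""
import ipaddress
import re

SAMPLE_WHOIS = (
    "inetnum: 120.48.0.0 - 120.49.255.255 netname: Baidu "
    "descr: Beijing Baidu Netcom Science and Technology Co., Ltd. "
    "descr: Haidian District Beijing,100080 country: CN admin-c: BN261-AP "
    "tech-c: BN261-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE "
    "mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-BAIDU-CN last-modified: 2024-03-11T23:28:49Z source: APNIC "
    "irt: IRT-Baidu-CN address: Beijing e-mail: irt@example.com abuse-mailbox: irt-abuse@example.com "
    "auth: # Filtered admin-c: ZKY3-AP tech-c: ZKY3-AP mnt-by: MAINT-CNNIC-AP source: APNIC "
    "role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 "
    "e-mail: abuse-role@example.com admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP "
    "remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: abuse@example.com "
    "mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC "
    "person: Baidu Noc address: Beijing 100085 country: CN phone: +86-0000000000 "
    "e-mail: noc@example.com nic-hdl: BN261-AP mnt-by: MAINT-CNNIC-AP source: APNIC"
)

# Attribute names expected in APNIC output; the first ten open a new object.
ATTRS = ["inetnum", "inet6num", "route", "route6", "aut-num", "irt", "role", "person",
         "organisation", "mntner", "netname", "descr", "country", "admin-c", "tech-c",
         "abuse-c", "status", "mnt-by", "mnt-irt", "mnt-lower", "mnt-routes", "last-modified",
         "source", "address", "e-mail", "abuse-mailbox", "auth", "phone", "nic-hdl", "remarks"]
CLASS_KEYS = set(ATTRS[:10])
# An attribute starts at the beginning of the text or after whitespace: "key: ".
ATTR_RE = re.compile(r"(?:^|(?<=\s))(" + "|".join(map(re.escape, ATTRS)) + r"):\s")


def parse_rpsl(text):
    """Split whois output (newline-separated or run together on one line)
    into a list of objects, each an ordered list of (attribute, value)."""
    normalised = ATTR_RE.sub(lambda m: "\n" + m.group(1) + ": ", text)
    objects, current = [], []
    for line in normalised.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(":")   # first colon only; values may contain colons
        key, value = key.strip(), value.strip()
        if key in CLASS_KEYS and current:     # a class attribute opens the next object
            objects.append(current)
            current = []
        current.append((key, value))
    if current:
        objects.append(current)
    return objects


def get(obj, key):
    return [v for k, v in obj if k == key]


def find_allocation(objects, ip):
    """Return the inetnum object whose range contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        for rng in get(obj, "inetnum"):
            lo, _, hi = (s.strip() for s in rng.partition("-"))
            if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
                return obj
    return None


def abuse_contacts(objects, alloc):
    """Mailboxes to report to, in order: the abuse-c role's mailbox, then the
    IRT named by mnt-irt (APNIC's incident-response channel); no duplicates."""
    by_handle = {}
    for obj in objects:
        for handle in get(obj, "nic-hdl") + get(obj, "irt"):
            by_handle[handle.upper()] = obj       # handles are case-insensitive
    out = []
    for ref in get(alloc, "abuse-c") + get(alloc, "mnt-irt"):
        for mbox in get(by_handle.get(ref.upper(), []), "abuse-mailbox"):
            if mbox not in out:
                out.append(mbox)
    return out


def summarize(text, ip):
    objects = parse_rpsl(text)
    alloc = find_allocation(objects, ip)
    if alloc is None:
        return {"ip": ip, "allocation": None}
    rng = get(alloc, "inetnum")[0]
    lo, _, hi = (s.strip() for s in rng.partition("-"))
    cidrs = [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(lo), ipaddress.ip_address(hi))]
    return {"ip": ip, "allocation": rng, "cidrs": cidrs,
            "netname": get(alloc, "netname")[0], "abuse": abuse_contacts(objects, alloc)}


if __name__ == "__main__":
    print(summarize(SAMPLE_WHOIS, "120.48.33.83"))
```

The allocation resolves to 120.48.0.0/15, a large Baidu block, so the single address rather than the range is the actionable unit; the page's own warning to verify before acting applies to any block decision.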

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
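The page offers a STIX 2.1 bundle export but does not show its contents. The block below is an added example, not IOC Radar's export code, of what such a bundle for this indicator looks like and of the checks an ingesting platform applies before accepting it. It uses only the standard library; the IP, ASN, organization, first/last seen, confidence and report count are the page's values, the labels are an assumed subset of its tag list, and the UUIDv5 namespace is the one STIX 2.1 defines for cyber-observable object ids.

```python
"""Build and sanity-check a STIX 2.1 bundle for the indicator on this page.

Added example; not IOC Radar's export code.  Standard library only.  Page
values are copied into the PAGE_* constants; PAGE_LABELS is an assumed
selection from the page's tag list.
"""
import json
import uuid
from datetime import datetime, timezone

# Namespace STIX 2.1 specifies for deterministic cyber-observable (SCO) ids.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

PAGE_IP = "120.48.33.83"
PAGE_ASN = 38365
PAGE_AS_NAME = "Beijing Baidu Netcom Science and Technology Co., Ltd."
PAGE_FIRST_SEEN = datetime(2025, 4, 10, tzinfo=timezone.utc)
PAGE_LAST_SEEN = datetime(2026, 4, 7, tzinfo=timezone.utc)
PAGE_CONFIDENCE = 54
PAGE_REPORTS = 14
PAGE_LABELS = ["brute force", "redis honeypot", "tpot"]        # assumed subset of the page's tags
PAGE_REFERENCES = [("tpotce", "https://github.com/telekom-security/tpotce")]


def sco_id(obj_type, contributing):
    """UUIDv5 over the canonical JSON of the ID-contributing properties, so
    the same IP always yields the same id and re-exports deduplicate."""
    name = json.dumps(contributing, separators=(",", ":"), sort_keys=True)
    return f"{obj_type}--{uuid.uuid5(SCO_NAMESPACE, name)}"


def stix_time(dt):
    """STIX timestamps: UTC, millisecond precision, Z suffix."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(ip, asn, as_name, first_seen, last_seen, confidence, reports,
                 labels, references, now=None):
    ts = stix_time(now or datetime.now(timezone.utc))
    as_obj = {"type": "autonomous-system", "spec_version": "2.1",
              "id": sco_id("autonomous-system", {"number": asn}),
              "number": asn, "name": as_name}
    ip_obj = {"type": "ipv4-addr", "spec_version": "2.1",
              "id": sco_id("ipv4-addr", {"value": ip}),
              "value": ip, "belongs_to_refs": [as_obj["id"]]}
    indicator = {
        "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts, "name": f"IOC Radar: {ip}",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']", "pattern_type": "stix",
        "valid_from": stix_time(first_seen),
        "confidence": confidence,                 # STIX confidence is an integer 0-100
        "labels": labels,
        "external_references": [{"source_name": n, "url": u} for n, u in references],
    }
    sighting = {"type": "sighting", "spec_version": "2.1", "id": f"sighting--{uuid.uuid4()}",
                "created": ts, "modified": ts, "sighting_of_ref": indicator["id"],
                "first_seen": stix_time(first_seen), "last_seen": stix_time(last_seen),
                "count": reports}
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [indicator, ip_obj, as_obj, sighting]}


def check_bundle(bundle):
    """Return the problems an ingesting platform would reject the bundle for:
    id prefix not matching type, dangling *_ref/*_refs, confidence out of range."""
    ids = {o["id"] for o in bundle["objects"]}
    problems = []
    for o in bundle["objects"]:
        if not o["id"].startswith(o["type"] + "--"):
            problems.append(f"{o['id']}: id prefix does not match type {o['type']}")
        if not 0 <= o.get("confidence", 0) <= 100:
            problems.append(f"{o['id']}: confidence {o['confidence']} outside 0-100")
        for key, value in o.items():
            refs = value if key.endswith("_refs") else [value] if key.endswith("_ref") else []
            for ref in refs:
                if ref not in ids:
                    problems.append(f"{o['id']}: {key} -> {ref} is not in the bundle")
    return problems


def page_bundle():
    return build_bundle(PAGE_IP, PAGE_ASN, PAGE_AS_NAME, PAGE_FIRST_SEEN, PAGE_LAST_SEEN,
                        PAGE_CONFIDENCE, PAGE_REPORTS, PAGE_LABELS, PAGE_REFERENCES)


if __name__ == "__main__":
    bundle = page_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", check_bundle(bundle) or "none")
```

The sighting's count is the page's report count, not a packet count; consumers that score on sighting volume should be told that. Deterministic SCO ids matter because the same address will be exported repeatedly as the page updates, and a fresh random id per export would create duplicate observables downstream.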

IOC Journey

Confidence: medium. First detected 1 year ago, last seen 2 months ago. Appeared in 14 threat reports.