IP · Medium · Signal 48/100
123.207.152.248
Location
Beijing, Beijing
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Mar 21, 2022
Last Seen
Jun 6, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Network Information
Country: China
Region: Beijing, Beijing
ASN: AS45090
Organization: Tencent cloud computing (Beijing) Co., Ltd.
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
23
Source reports
48%
Confidence score
Category tags
abuse, abuseipdb, active scan, active scanning, adb, adb protocol, adbhoney honeypot, aerospace & defense, and exploitation attempts, apt, asia, attack, australia, authentication abuse, authentication bypass attempt, automated attack, automotive manufacturing, bad reputation, bad web bot, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute-force, china, cisco device, cisco device targeting, civil services, cn, command and control, command injection, communication protocol, compromised credentials, conpot honeypot, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database attack, database intrusion, database security, ddos, ddos attack, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, device management, dionaea honeypot, directory traversal, distributed attacks, electronics manufacturing, encryption, enterprise networking, europe, exploit, exploit attempts, exploitation, exploitation activity, exploitation attempt, exploited host, fatt, finland, france, fraud voip, ftp, ftp brute force, ftp brute-force, generic exploit, germany, government technology, hacking, honeynet connect, honeytrap honeypot, http brute force, http scanner, ics attacks, ics security, ics/scada systems, identity & access exploitation, industrial automation, industrial control systems, industrial iot, industrial production, initial access attempt, injection activity, injection attacks, intrusion detection, ioc, iot attacks, iot security, iot systems, iot/ics attack, lamp, lamp stack attacks, lateral movement, linux systems targeted, login attempt, mailoney honeypot, malicious activity, malicious sftp activity, malicious ssh activity, malware, malware behaviour, malware capture, malware delivery, malware detection, malware distribution, manufacturing technology, military operations, modbus, modbus protocol, multi-protocol network scanning, national security, network, network devices, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network protocol, network scanning, network security, network service exploitation, network service scanning, nextray, north america, oceania, open proxy, ot attacks, p0f, password attack, password attacks, phishing, phishing attack, phishing trap, poland, possible credential reuse, process manufacturing, protocol exploitation, proxy, public administration, public infrastructure, public policy, publicly accessible infrastructure, quality control, reconnaissance, regulatory agencies, remote access, remote services, researched, resource hijacking, s7comm, s7comm protocol, scams & fraud, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, server exploitation, service scan, sftp access attempts, sftp attack, sftp protocol, sip protocol, smb brute force, smtp, smtp brute force, social engineering, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh protocol, supply chain attack, supply chain management, system access, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1563, t1566.001, t1566.002, t1566.003, t1566.004, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, udp scan, unauthorized access attempt, united states, unknown threat actor, vnc protocol, voip, voip attack, voip attacks, web application attack, web attack, web attacks, web exploit, web exploitation, web servers, web spam, web traffic
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 23
First seen: Mar 21, 2022
Last seen: Jun 6, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS45090
Org: Tencent cloud computing (Beijing) Co., Ltd.
Coords: 39.9042, 116.4070
Proxy
VirusTotal
Not checked
WHOIS
inetnum: 123.206.0.0 - 123.207.255.255
netname: TencentCloud
descr: Tencent cloud computing (Beijing) Co., Ltd.
descr: Floor 6, Yinke Building,38 Haidian St,
descr: Haidian District Beijing
country: CN
admin-c: JT1125-AP
tech-c: JX1747-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-TENCENTCLOUD-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:57:03Z
source: APNIC

irt: IRT-TencentCloud-CN
address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
address: District of Hi-tech Park, Shenzhen
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: JT1125-AP
tech-c: JX1747-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-03-07
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-03-07T07:43:08Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: James Tian
address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
address: District of Hi-tech Park, Shenzhen
country: CN
phone: +86-755-86013388-84952
e-mail: [email protected]
nic-hdl: JT1125-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2024-03-19T08:21:31Z
source: APNIC

person: Jimmy Xiao
address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
address: District of Hi-tech Park, Shenzhen
country: CN
phone: +86-755-86013388-80224
e-mail: [email protected]
nic-hdl: JX1747-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-17T00:38:09Z
source: APNIC

route: 123.206.0.0/15
descr: TencentCloud
descr: Tencent cloud computing (Beijing) Co., Ltd.
country: CN
origin: AS45090
notify: [email protected]
mnt-by: MAINT-CNNIC-AP
last-modified: 2016-01-21T09:24:01Z
source: APNIC
IOC Journey
medium · First detected 4 years ago · Last seen 7 days ago
Appeared in 23 threat reports