IP · Medium · Signal 75/100
124.223.86.48
Location
Shanghai, Shanghai
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Feb 5, 2026
Last Seen
May 20, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Network Information
Country
China
Region
Shanghai, Shanghai
ASN
AS45090
Organization
Tencent cloud computing (Beijing) Co., Ltd.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports
18
Confidence score
75%
Category tags
abuse, access control, account compromise, active scan, active scanning, apache, apache attacker, asia, attack, australia, bad reputation, bad web bot, blacklisted ip detection, blocklist_all, botnet, botnet activity, brute force, brute force attack, china, cisco, cisco device, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, cn, command and control, command execution, communication protocol, cowrie, cowrie honeypot, credential access, credential stuffing, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, decoy system, denial of service, device management, dhcp, dhcp exploitation, dionaea, dionaea honeypot, distributed attacks, elasticsearch, elasticsearch bruteforce, encryption, enterprise networking, exploit, exploitation, exploitation activity, exploited host, fatt, ftp, ftp bruteforce, hacking, honeytrap data, honeytrap honeypot, http scanner, identity & access exploitation, imap, imap bruteforce, indicator, information gathering, injection activity, intrusion detection, iot security, japan, lamp, lamp stack targeting, lateral movement, ldap, ldap bruteforce, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, memcache exploitation, mssql, mssql bruteforce, network, network infrastructure, network monitoring, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, ntp, ntp amplification, oceania, opencti, oracle, oracle bruteforce, p0f, password attacks, phishing, phishing attack, phishing trap, portscan, possible botnet activity, postgres, postgres bruteforce, process injection, protocol exploitation, proxy, qhoneypot interaction, reconnaissance, redis, redis bruteforce, remote access, remote services, researched, resource hijacking, scan, scanner, scanners, scanning activity, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detection, server exploitation, service scan, sftp, sftp attack, sip, sip scanning, smb, smb bruteforce, smtp, snmp, snmp enumeration, socks5, socks5 proxying, sql injection, ssh, ssh attack, ssh bruteforce, ssh monitoring, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.005, t1071.001, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1189, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1565, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet, telnet bruteforce, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, vnc, vnc bruteforce, vnc protocol, voip, voip attack, vulnerability scan, vultr, web application attack, web exploitation, web traffic
Activity Timeline
May 20
Threat Activity Heatmap · Peak: 2026-05-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 18
First seen: Feb 5, 2026
Last seen: May 20, 2026
Geolocation: CN
Country: China
Location: Shanghai, Shanghai
ASN: AS45090
Org: Tencent cloud computing (Beijing) Co., Ltd.
Coords: 34.7732, 113.7220
Proxy
VirusTotal
Not checked
WHOIS
- raw
  inetnum: 124.220.0.0 - 124.223.255.255
  netname: TencentCloud
  descr: Tencent cloud computing (Beijing) Co., Ltd.
  descr: Floor 6, Yinke Building, 38 Haidian St, Haidian District Beijing
  country: CN
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-TENCENTCLOUD-CN
  last-modified: 2023-11-28T00:57:04Z
  source: APNIC

  irt: IRT-TencentCloud-CN
  address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  address: District of Hi-tech Park, Shenzhen
  e-mail: [email protected]
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  abuse-mailbox: [email protected]
  remarks: [email protected] was validated on 2025-10-29
  remarks: [email protected] was validated on 2025-10-29
  auth: # Filtered
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-11-18T00:34:40Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  remarks: [email protected] is invalid
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-09-19T17:20:32Z
  source: APNIC

  person: James Tian
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-84952
  e-mail: [email protected]
  nic-hdl: JT1125-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2024-03-19T08:21:31Z
  source: APNIC

  person: Jimmy Xiao
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-80224
  e-mail: [email protected]
  nic-hdl: JX1747-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-17T00:38:09Z
  source: APNIC

  route: 124.220.0.0/14
  origin: AS45090
  descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District,
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-10-11T01:50:32Z
  source: APNIC
- references
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-01/, https://jamesbrine.com.au, https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 4 months ago · Last seen 27 days ago
Appeared in 18 threat reports