IOC Radar
IP · Medium · Signal 45/100

148.153.56.84

Location
United States
Los Angeles, California
ASN
AS63199
CDS Global Cloud Co., Ltd
First Seen
Jun 6, 2025
Last Seen
May 6, 2026
First Seen: Jun 6 (373d ago)
Last Seen: May 6 (39d ago)
Reports: 15 source reports
Confidence: 45% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: US (United States)
Region: Los Angeles, California
ASN: AS63199
Organization: CDS Global Cloud Co., Ltd

Feed Intelligence Summary

Source reports: 15
Confidence score: 45%
Category tags
abuseactive scanactive scanningadbhoney honeypotanomalous network connectionsapacheapache attackerasiaattackaustraliaauthentication attacksbad reputationbad web botbankingblock listblock.txtblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptsc2c2 communicationchina mobilecisco asacisco devicecisco exploitationcolumnscommand & controlcommand and controlcommunication protocolcompany limitedcompromised hostcompromised hostscompromised system detectioncompromised systemsconpot activityconpot honeypotcowrie honeypotcowrie honeypot detectioncowrie interactioncowrie interactionscredential accesscredential harvestingcredential stuffingcredit card servicesdaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredatabase attackdatabase enumerationdatabase exploitation attemptsdatabase securityddosddos attackddos attacksddos attemptdecoy systemdenial of servicedenial-of-service attemptdevice managementdionaea honeypotdionaea interactionsdistributed attacksenterprise networkingenumerationeuropeexecutable fileexploitexploit kit activityexploitation activityexploitation attemptsfattfinancefinancial servicesfinancial technologyfinlandfranceftpftp brute forcegermanyhackinghk abusehandlerhoneynet connecthoneytrap honeypothong konghttp brute forcehttp request anomalieshttp scannerhttp scanninghurricane usics securityidentity & access exploitationindicatorindustrial control systemsinjection activityinjection attacksintrusion detectioniociot device targetingiot securityiot/ics attackipphoney activityipphoney honeypotlamplamp stack attackslamp stack targetedlateral movementlogin attemptmail protocol abusemailoney honeypotmalicious activitymalicious activity detectedmalicious email activitymalicious ip activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware distributionmalware-related botnet activitynetworknetwork enumerationnetwork infrastructurenetwork 
intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnorth americaoceaniap0fpassword attackpassword attackspayment processingpgp signphishingphishing attackphishing trappolandpossible botnet activitypossible botnet infectionpossible malware activitypossible malware distributionpossible malware probingpossible malware propagationpotential exploitpotential malware distributionprocess injectionprotocol exploitationransomwarereconnaissancereconnaissance activityremote accessremote access abuseremote service exploitationremote servicesresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer botnetservice scansftp access attemptsftp activitysftp attacksftp attackssip brute forcesip scanningsmb brute forcesmtpsmtp brute forcesmtp scanningsocial engineeringsocradar honeypotspamssh attackssh monitoringt1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068t1071t1071.001t1076t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencetimeouttop10.txttopips.txttor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunited statesusus abuseus nonevalid accountsvoipvoip attackwealth managementweb application attackweb application attacksweb application scanningweb attackweb exploitationweb scannerweb spamweb traffic

Activity Timeline

1 total obs
May 6

Threat Activity Heatmap

Peak: 2026-05-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 45
Confidence: 45%
Reports: 15
First seen: Jun 6, 2025
Last seen: May 6, 2026
Geolocation: US
Country: United States
Location: Los Angeles, California
ASN: AS63199
Org: CDS Global Cloud Co., Ltd
Coords: 34.0544, -118.2440

VirusTotal

Not checked

WHOIS

description
The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted.
Data Sources:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://feeds.dshield.org/feeds/daily_sources
THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
raw
NetRange: 148.153.0.0 - 148.153.255.255
CIDR: 148.153.0.0/16
NetName: CDSC-1
NetHandle: NET-148-153-0-0-1
Parent: NET148 (NET-148-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: CDS Global Cloud Co., Ltd (CDSC-1)
RegDate: 2016-01-12
Updated: 2016-01-12
Ref: https://rdap.arin.net/registry/ip/148.153.0.0

OrgName: CDS Global Cloud Co., Ltd
OrgId: CDSC-1
Address: 4105 W Spring Creek Pkwy,#606
City: Plano
StateProv: TX
PostalCode: 75024
Country: US
RegDate: 2014-06-02
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CDSC-1

OrgTechHandle: LILIN8-ARIN
OrgTechName: Li, Lin
OrgTechPhone: +1-469-744-2718
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/LILIN8-ARIN

OrgNOCHandle: ARINS11-ARIN
OrgNOCName: ARIN Support
OrgNOCPhone: +1-817-846-4492
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/ARINS11-ARIN

OrgTechHandle: ARINS11-ARIN
OrgTechName: ARIN Support
OrgTechPhone: +1-817-846-4492
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ARINS11-ARIN

OrgAbuseHandle: ABUSE8407-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-617-545-4603
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8407-ARIN

OrgTechHandle: LAWRE323-ARIN
OrgTechName: Lawrence, Leo
OrgTechPhone: +1-213-375-3998
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/LAWRE323-ARIN

OrgTechHandle: LINGT4-ARIN
OrgTechName: Ling, Tao
OrgTechPhone: +86-1051997733
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/LINGT4-ARIN
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports