IOC Radar
IPMediumSignal 82/100

39.105.31.193

Location
ChinaChina
Beijing, Beijing
ASN
AS37963
Aliyun Computing Co., LTD
First Seen
Oct 9, 2021
Last Seen
Apr 30, 2026
Oct 9
First Seen
1709d ago
Apr 30
Last Seen
44d ago
31
Reports
source reports
82%
Confidence
medium
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

94 techniques

Network Information

CountryCNChina
RegionBeijing, Beijing
ASNAS37963
OrganizationAliyun Computing Co., LTD

Feed Intelligence Summary

31 reports82% confidence
31
Source reports
82%
Confidence score
Category tags
abuseactive scanactive scanningadversary simulationadversary simulation toolagent teslaakamaialibabaamadeyandroidantiapi contactapkaptarmasciiasiaasyncratattackautoitavemariaratb5tubackdoorbad reputationbase64bashbeaconbeacon activitybeacon payloadbeaconing activitybeaconing trafficbitbucketblankgrabberbotnetbotnet activitybotnetdomainbraodobraodo stealerbrute forcec2c2 communicationc2 frameworkc2 servercensyschinacncobaltcobalt strikecobaltstrikecode executioncode injectioncoinminercommand & controlcommand and controlcommand executioncommunication obfuscationcompromise assessmentcompromised systemconfigcovert communicationcredential accesscredential harvestingcredential stuffingcryptocurrencyctacurldata encryptiondata exfiltrationdata store exposuredata theftddosddos attacksdefault credentialsdistributed attacksdlldropped-by-amadeye-commerceelfemotetencodedencryptioneuropeexeexecutable fileexploitation activityextortionfakecaptchafeedfindflawedammyratflawedammyyratfraudftp brute forcegafgytgh0stratgh0strat activity detectedgh0strat malware activityglobalguloadergzhajimehavochijackloaderhotspothtahtmlhuaweiidatloaderidentity & access exploitationimgindicatorindicators of compromiseinfoinformation technologyinfostealerinfrastructure acquisitionreconnaissanceinit-moduleinjection activityinternet of thingsiociocsiotiot botnetiot securityiot/ics attackircbotit infrastructurejqueryjsladvixlateral movementlateral movement techniqueslinkedin pagelivelnklummalummastealermalicious activitymalicious powershell activitymalicious softwaremalwaremalware analysismalware distributionmalware implantmanualmatanbuchusmedia & entertainmentmetasploitmeterpretermipsmiraimirai botnetmobile threatmozinanocore ratnation-state activitynetsupportratnetworknetwork communicationnetwork enumerationnetwork probingnetwork scanningnetwork securitynetwork traffic analysisnjratopen-diropendiroperating systemparaguaypayloadpayload deliverypayload deploymentpayload generationpenetration testing toolpersistence mechanismphishingphishing attackphppost-exploitationpost-exploitation activitiespost-exploitation activitypost-exploitation frameworkpowershellprocess injectionprotectprotocol exploitationpurecrypterquasarratransomwareransomware feedratreconnaissancered teamredir-302remcosratremote accessremote access trojanremote servicesresearchedrev-base64-loaderreverse shellreverseshellsaint helena, ascension and tristan da cunhascams & fraudscanning activityscripting attackssecurity operationsself-signedsentinel mispserverservice discoveryshshellcodesliverslugsmoke loadersnakekeyloggersocial engineeringsoftware developmentsoftware exploitationssh attacksshdkitsslssl certificatestaging activitystealcstealerstrongsurface websystem disruptiont1003t1005t1016t1016.001t1018t1021t1021.001t1021.002t1025t1027t1039t1040t1041t1046t1047t1048t1048.003t1049t1053t1053.005t1055t1056t1057t1059t1059.001t1059.004t1059.007t1068t1069.001t1071t1071.001t1071.002t1076t1078t1078.003t1082t1083t1086t1087t1090t1090.001t1090.002t1090.003t1095t1105t1110t1110.002t1129t1133t1134t1189t1190t1195t1203t1204t1204.001t1204.002t1205t1210t1218t1486t1490t1496t1499.002t1499.003t1535t1543t1547t1547.001t1555t1563t1564t1565t1566t1566.001t1566.002t1566.003t1567t1567.002t1568t1569t1569.002t1572t1573t1573.001t1574t1587.001t1588t1590.001t1595t1595.001t1595.002t1595.003t1598tcp scanteam serverteam server detectiontelecommunicationtelnet threatthreat actorthreat feedthreat intelligencetor nodetwittertwitter pageua-wgetudp scanunixupxvbevbsvietnamvipkeyloggervulnerability scanweb exploitationwgetwsgidavxhidexml-opendirxoredxwormxwormnzip

Activity Timeline

1 total obs
Apr 30Apr 30

Threat Activity Heatmap

· Peak: 2026-04-30
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
82
SIGNAL
Signal Score
82%
Confidence
31
Reports
First seenOct 9, 2021
Last seenApr 30, 2026
GeolocationCN
CountryChina
LocationBeijing, Beijing
ASNAS37963
OrgAliyun Computing Co., LTD
Coords39.9075, 116.3971

VirusTotal

Not checked

WHOIS

raw
inetnum: 39.96.0.0 - 39.108.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 country: CN admin-c: ZM1015-AP tech-c: ZM877-AP tech-c: ZM876-AP tech-c: ZM875-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-CNNIC-CN last-modified: 2021-06-16T01:29:48Z source: APNIC irt: IRT-CNNIC-CN address: Beijing, China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IP50-AP tech-c: IP50-AP auth: # Filtered remarks: Please note that CNNIC is not an ISP and is not remarks: empowered to investigate complaints of network abuse. remarks: Please contact the tech-c or admin-c of the network. mnt-by: MAINT-CNNIC-AP last-modified: 2021-06-16T01:39:57Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Li Jia address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou country: CN phone: +86-0571-85022088 e-mail: [email protected] nic-hdl: ZM1015-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-07-01T07:12:42Z source: APNIC person: Guoxin Gao address: 5F, Builing D, the West Lake International Plaza of S&T address: No.391 Wen'er Road, Hangzhou City address: Zhejiang, China, 310099 country: CN phone: +86-0571-85022600 fax-no: +86-0571-85022600 e-mail: [email protected] nic-hdl: ZM875-AP mnt-by: MAINT-CNNIC-AP last-modified: 2014-07-30T01:56:01Z source: APNIC person: security trouble e-mail: [email protected] address: 5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen??r Road address: Hangzhou, Zhejiang, China phone: +86-0571-85022600 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: ZM876-AP last-modified: 2025-07-01T07:06:11Z source: APNIC person: Guowei Pan address: 5F, Builing D, the West Lake International Plaza of S&T address: No.391 Wen'er Road, Hangzhou City address: Zhejiang, China, 310099 country: CN phone: +86-0571-85022088-30763 fax-no: +86-0571-85022600 e-mail: [email protected] nic-hdl: ZM877-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-07-01T07:05:46Z source: APNIC route: 39.104.0.0/14 descr: Hangzhou Alibaba Advertising Co.,Ltd. country: CN origin: AS37963 mnt-by: MAINT-CNNIC-AP last-modified: 2019-08-07T23:28:06Z source: APNIC route: 39.104.0.0/14 descr: Alibaba (US) Technology Co., Ltd. country: CN origin: AS45102 mnt-by: MAINT-CNNIC-AP last-modified: 2019-08-07T23:28:05Z source: APNIC
references
https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/, https://urlhaus.abuse.ch/browse/, https://threatfox.abuse.ch/export/csv/recent/, https://raw.githubusercontent.com/openphish/public_feed/refs/heads/main/feed.txt, https://urlhaus.abuse.ch/downloads/text_online/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 1 month ago
Appeared in 31 threat reports