IOC Radar
IPMediumSignal 45/100

47.120.59.90

Location
ChinaChina
Shenzhen, Guangdong
ASN
AS37963
Alibaba.com LLC
First Seen
May 1, 2024
Last Seen
Apr 27, 2026
May 1
First Seen
773d ago
Apr 27
Last Seen
47d ago
17
Reports
source reports
45%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryCNChina
RegionShenzhen, Guangdong
ASNAS37963
OrganizationAlibaba.com LLC

Feed Intelligence Summary

17 reports45% confidence
17
Source reports
45%
Confidence score
Category tags
abuseabuseipdbaccessaccess controlackactionactive scanactive scanningasiaattackauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attacksc2certchinacncommand & controlcommand and controlcommunication protocolconfigconnectcowriecowrie detectedcowrie honeypotcredential accesscredential harvestingcredential stuffingcssdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedictionary attackdionaeadionaea detecteddionaea honeypotdistributed attackselasticpot detectedelasticpot honeypotelasticsearch monitoringemailexecutable fileexploitexploit attemptexploit attemptsexploitation activityfinfirewall evasionftpftp brute forcegithubgroupshoneytrap honeypothttp brute forcehttp request anomalyicmpidentity & access exploitationindicatorinfoinfrastructure acquisitionreconnaissanceinjection activityiot securitylamplinuxmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemanualnetworknetwork activitynetwork attacksnetwork discoverynetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securityopen port identificationopen portspassword attackpassword attacksphishingphishing attackphishing trappingpossible malicious activityprocess injectionprotocol exploitationpythonransomwarereconnaissanceredis honeypotredishoneypotremote accessremote servicesresearchedresource hijackingrtbhscannerscriptscripting attackssecurity policysentrypeer botnetserverservice enumerationsftpsftp attacksipsip brute forcesip scanningslugsocial engineeringsocradarsql injection attemptsql injection attemptssshssh attackssh monitoringsurface websynt1016t1016.001t1018t1021t1021.001t1040t1041t1046t1055t1059t1059.004t1059.007t1068t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1590.001t1595t1595.001t1595.002t1595.003tannertanner detectedtargeting databasetcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotunauthorized accessvoipvoip attackweb attackweb exploitationxmas

Activity Timeline

1 total obs
Apr 27Apr 27

Threat Activity Heatmap

· Peak: 2026-04-27
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
17
Reports
First seenMay 1, 2024
Last seenApr 27, 2026
GeolocationCN
CountryChina
LocationShenzhen, Guangdong
ASNAS37963
OrgAlibaba.com LLC
Coords22.5318, 114.1374

VirusTotal

Not checked

WHOIS

description
2025-04-21T02:08:27.000Z Honeypot : Redishoneypot : Source: 47.120.59.90 : Port: 6379 Action: NewConnect Message:
raw
inetnum: 47.120.0.0 - 47.127.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 country: CN admin-c: ZM1015-AP tech-c: ZM877-AP tech-c: ZM876-AP tech-c: ZM875-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-CNNIC-CN last-modified: 2022-09-04T21:47:58Z source: APNIC irt: IRT-CNNIC-CN address: Beijing, China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IP50-AP tech-c: IP50-AP auth: # Filtered remarks: Please note that CNNIC is not an ISP and is not remarks: empowered to investigate complaints of network abuse. remarks: Please contact the tech-c or admin-c of the network. remarks: [email protected] is invalid mnt-by: MAINT-CNNIC-AP last-modified: 2025-11-17T23:08:37Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN remarks: [email protected] is invalid abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-09-19T17:20:32Z source: APNIC person: Li Jia address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou country: CN phone: +86-0571-85022088 e-mail: [email protected] nic-hdl: ZM1015-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-07-01T07:12:42Z source: APNIC person: Guoxin Gao address: 5F, Builing D, the West Lake International Plaza of S&T address: No.391 Wen'er Road, Hangzhou City address: Zhejiang, China, 310099 country: CN phone: +86-0571-85022600 fax-no: +86-0571-85022600 e-mail: [email protected] nic-hdl: ZM875-AP mnt-by: MAINT-CNNIC-AP last-modified: 2014-07-30T01:56:01Z source: APNIC person: security trouble e-mail: [email protected] address: 5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen??r Road address: Hangzhou, Zhejiang, China phone: +86-0571-85022600 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: ZM876-AP last-modified: 2025-07-01T07:06:11Z source: APNIC person: Guowei Pan address: 5F, Builing D, the West Lake International Plaza of S&T address: No.391 Wen'er Road, Hangzhou City address: Zhejiang, China, 310099 country: CN phone: +86-0571-85022088-30763 fax-no: +86-0571-85022600 e-mail: [email protected] nic-hdl: ZM877-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-07-01T07:05:46Z source: APNIC route: 47.120.59.0/24 descr: Alibaba (US) Technology Co., Ltd. origin: AS37963 mnt-by: MAINT-CNNIC-AP last-modified: 2020-07-10T05:56:52Z source: APNIC route: 47.120.59.0/24 descr: Alibaba (US) Technology Co., Ltd. origin: AS45102 mnt-by: MAINT-CNNIC-AP last-modified: 2020-07-10T05:57:22Z source: APNIC
references
https://github.com/telekom-security/tpotce, http://cinsscore.com/list/ci-badguys.txt, https://list.rtbh.com.tr/output.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 17 threat reports