IOC Radar
IP · Medium · Signal 100/100

47.246.68.13

Location
Thailand
Bangkok, Bangkok
ASN
AS45102
Alibaba.com LLC
First Seen
Jan 9, 2021 (1981d ago)
Last Seen
May 31, 2026 (13d ago)
Reports
15 source reports
Confidence
99% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: TH (Thailand)
Region: Bangkok, Bangkok
ASN: AS45102
Organization: Alibaba.com LLC

IP Category

Hosting
Hosting provider

Feed Intelligence Summary

Source reports: 15
Confidence score: 99%
Category tags
abuse, active scan, active scanning, aerospace & defense, against present, ai applications, ai infrastructure, ai research, ai security, ai solutions, alibaba, amos, android app, android banking, android trojan, anti-debugging, anti-vm, apt, artificial intelligence, asia, atomic macos, atomic macos stealer, auto-generated security, bad reputation, bad web bot, beyond, botnet, botnet activity, brute force, brute_force, c2 communication, c2 server, china-nexus apt, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, code execution, command & control, command and control, command execution, communication protocol, communication technologies, computer security, computer vision, contact, credential access, credential dumping, credential harvesting, credential stuffing, credential theft, credential_access, cryptocurrency, cryptocurrency threats, cryptojacking, cve, cyber attacks, cyber espionage, cyber news, cyber risk, cyber security news, cyber security updates, cyber updates, data breach, data encryption, data exfiltration, data poisoning, data store exposure, decoy system, deep learning, defense, defense contracting, defense evasion, defense logistics, defense systems, defense technology, demo, disease, distributed attacks, dll injection, dmitry kalinin, download file, driver loading, encrypted communication, encryption, energy, energy distribution, exploit, exploitation activity, extortion, fileless malware, files, finance, find, ftp, ftp brute force, future, github, google drive, gpki, gpu, hacker news, hacking, hacking news, hook, hooks, how to hack, http scanner, https, hybrid, icmp, identity & access exploitation, impact, in the wild, indicator, indonesia, information security, information technology, infostealer, infrastructure acquisitionreconnaissance, ingress tool transfer, initial access, injection activity, inside, insikt, insikt group, install, iot security, it infrastructure, juniper, kalinin, kernel exploit, kill, lateral movement, launcher, learn, linux, machine learning, macos, malicious activity, malicious download, malicious software, malware, malware distribution, manual, markopolo, medusa, micro, military operations, mobile, mobile carriers, mobile networks, mobile security, mobile threat, model poisoning, mopsled, multi-cloud management, nation-state activity, national security, natural language processing, network, network device compromise, network intrusion attempt, network reconnaissance, network scanning, network security, network_reconnaissance, news, normal file, north america, nvidia, oil & gas, phishing, phishing attack, power generation, power systems, process injection, protect, protocol exploitation, proxy, python, ransomware, rce, reconnaissance, recorded future, registry run keys, remote access, remote access tool, remote code execution, remote services, renewable energy, reports, reptile, researched, resource hijacking, rhttpproxy, risk, rootkit, scanner, scheduled task, security operations, singapore, small, social engineering, software development, software exploitation, software vulnerability, soumnibot, south korea, ssh attack, stealc, stealer, stop, suomi, supply chain, supply chain attack, supply chain vulnerability, system disruption, t1003, t1005, t1014, t1021, t1021.001, t1027, t1036, t1040, t1041, t1049, t1053, t1055, t1056, t1059, t1059.004, t1064, t1068, t1071, t1071.001, t1074, t1076, t1078, t1090, t1095, t1105, t1110, t1110.002, t1134, t1140, t1190, t1192, t1199, t1203, t1205, t1210, t1219, t1486, t1490, t1496, t1499, t1499.002, t1499.003, t1505, t1542, t1543, t1547, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, t1601, tacacs, tacacs server, telecom services, telecommunications, telnet threat, th, thailand, the hacker news, threat actor, threat intelligence, tinyshell, token, tor node, trend micro, trend vision, triton inference server, tsec, twitter, uefi bootkit, unauthorized access, unc3886, united states, upload, urls, vmware, voice, vortax, vulnerability, vulnerability scan, web app attack, web traffic, wmi event subscription, write

Activity Timeline

1 total obs (May 31)

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 15
First seen: Jan 9, 2021
Last seen: May 31, 2026
Geolocation: TH
Country: Thailand
Location: Bangkok, Bangkok
ASN: AS45102
Org: Alibaba.com LLC
Coords: 13.7563, 100.5020
Hosting

VirusTotal

Not checked

WHOIS

description
Imported indicator
raw
inetnum: 47.0.0.0 - 47.255.255.255
netname: IANA-NETBLOCK-47
descr: This network range is not allocated to APNIC.
descr:
descr: If your whois search has returned this message, then you have
descr: searched the APNIC whois database for an address that is
descr: allocated by another Regional Internet Registry (RIR).
descr:
descr: Please search the other RIRs at whois.arin.net or whois.ripe.net
descr: for more information about that range.
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
remarks: For general info on spam complaints email [email protected].
remarks: For general info on hacking & abuse complaints email [email protected].
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2008-09-04T06:51:28Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC
references
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Cyber Threat Advisory - Chained Vulnerabilities in NVIDIA Triton Expose AI Servers to Remote Code Execution.pdf
https://www.trendmicro.com/en_us/research/25/g/revisiting-unc3886-tactics-to-defend-against-present-risk.html
https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html


IOC Journey

medium
First detected 5 years ago · Last seen 13 days ago
Appeared in 15 threat reports