IOC Radar
IP · Medium · Signal 58/100

47.89.192.23

Location: Minkler, California, United States
ASN: AS45102 (Alibaba Cloud - US)
First Seen: Jun 26, 2024 (717d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 22 source reports
Confidence: 58% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

56 techniques

Network Information

Country: US (United States)
Region: Minkler, California
ASN: AS45102
Organization: Alibaba Cloud - US

Feed Intelligence Summary

Source reports: 22
Confidence score: 58%
Category tags
abuse, abuseipdb, access control, account compromise, active scan, active scanning, apache, apache attacker, apt, asia, atif feed, attack, attack attempt, attacker ip, attacker-ip, australia, auto-generated security, automated attack, bad reputation, bad web bot, banlist feed, binary defense, blacklist candidate, blog spam, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacker, brute force attempts, brute-force, bruteforce, c2, c2 communication, cert, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, code injection, code-injection, command & control, command and control, command execution, command injection, communication protocol, compromised hosts, connect scan, cowrie, cowrie honeypot, cowrie interactions, credential access, credential compromise attempt, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attack indicators, ddos attacks, decoy system, denial of service, digital ocean, dionaea, dionaea honeypot, dionaea interactions, distributed attacks, dns, dns attack, encryption, enumeration, europe, exploit, exploit kit activity, exploitation activity, exploited host, external threat, external_threat, fatt, fatt signatures, fin scan, finland, france, fraud voip, ftp, ftp brute force, germany, hacking, honeynet connect, honeytrap honeypot, honeytrap interactions, http brute force, http probing, http scanner, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, initial access, initial access attempt, initial-access, injection activity, injection attacks, internet of things, internet scan, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, ipv4, ipv4 scanning, ipv4_address, japan, kazakhstan, kaznet, lateral movement, login attempt, mailoney honeypot, mailoney interactions, malicious activity, malicious ip, malicious software, malicious-ip, malware, malware behaviour, malware capture, malware distribution, manual, mass scanning, mirai, mirai botnet, mssql, network, network attacks, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network traffic analysis, network-service, network_scanning, north america, null scan, oceania, p0f, p0f signatures, password attack, password attacks, password cracking, phishing, phishing attack, phishing trap, ping of death, poland, port-scanning, portscan, possible botnet activity, possible reconnaissance activity, potential vulnerability probing, process injection, protocol exploitation, ransomware, ransomware activity, rat, reconnaissance, remote access, remote services, researched, resource hijacking, scams & fraud, scan, scanner, scanners, scanning activity, scripting attacks, security policy, sensor-tagged, sentrypeer botnet, sentrypeer interactions, service detection, service enumeration, service scan, slug, smb, smtp, smtp brute force, smtp probing, social engineering, socradar, spam, sql injection, sql injection attempts, sql-injection, ssh, ssh attack, ssh monitoring, surface web, suricata alerts, syn scan, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1046, t1053, t1055, t1059, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1583, t1583.001, t1583.002, t1587.001, t1589, t1590, t1590.001, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner interactions, targeting database, tcp, tcp protocol, tcp scan, tcp scanning, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, threat-intel-feed, threat_discovery, threat_intelligence, tor node, tpot, udp port scan, udp scan, unauthorized access attempt, united states, united states of america, us, voidtrap, voip, voip attack, vulnerability scan, vultr, web app attack, web application attack, web application attacks, web attack, web exploitation, web spam, web traffic, web-attack, xmas scan

Activity Timeline

1 total observation (Jun 6 to Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 22
First seen: Jun 26, 2024
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Minkler, California
ASN: AS45102
Org: Alibaba Cloud - US
Coords: 34.0544, -118.2440

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw:
  Alibaba Cloud LLC AL-3 (NET-47-88-0-0-1) 47.88.0.0 - 47.91.255.255
  Alibaba Cloud - US ALIBABA CLOUD - US (NET-47-89-192-0-1) 47.89.192.0 - 47.89.255.255
references:
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  https://threats.kz
  https://blocklist.greensnow.co/greensnow.txt
  https://www.binarydefense.com/banlist.txt
  https://lists.blocklist.de/lists/all.txt
  https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  http://cinsscore.com/list/ci-badguys.txt
  https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 22 threat reports