IOC Radar
IP · Medium · Signal 58/100

59.110.239.11

Location: Beijing, BJ, China
ASN: AS37963 (Aliyun Computing Co., LTD)
First Seen: May 17, 2023 (1124d ago)
Last Seen: Jun 5, 2026 (10d ago)
Reports: 28 source reports
Confidence: 58% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: China (CN)
Region: Beijing, BJ
ASN: AS37963
Organization: Aliyun Computing Co., LTD

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 28
Confidence score: 58%

Activity Timeline

1 total obs · Jun 5

Threat Activity Heatmap

Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 28
First seen: May 17, 2023
Last seen: Jun 5, 2026
Geolocation: CN
Country: China
Location: Beijing, BJ
ASN: AS37963
Org: Aliyun Computing Co., LTD
Coords: 39.9285, 116.3850
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot


IOC Journey

medium
First detected 3 years ago · Last seen 10 days ago
Appeared in 28 threat reports