IOC Radar
IP · Medium · Signal 65/100

8.138.5.105

Location: Guangzhou, Guangdong, China
ASN: AS37963 (Alibaba.com LLC)
First Seen: Jan 12, 2026 (153d ago)
Last Seen: May 19, 2026 (26d ago)
Reports: 17 source reports
Confidence: 65% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

32 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS37963
Organization: Alibaba.com LLC

Feed Intelligence Summary

Source reports: 17
Confidence score: 65%
Category tags
abuse, access control, active scan, active scanning, apt, asia, attack, australia, authentication attempt, authentication attempts, authentication failure, automated attack, bad reputation, bad web bot, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, china, cisco, cisco device, cisco device attack, cisco exploitation attempt, cisco exploitation attempts, cn, command and control, communication protocol, compromised host, cowrie, cowrie data, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, dionaea, dionaea honeypot, distributed attacks, enterprise networking, exploit, exploitation, exploitation activity, exploited host, external threat, fatt, file, ftp, ftp brute force, ftp brute-force, hacking, honeytrap data, honeytrap honeypot, http scanner, http scanning, identity & access exploitation, indicator, initial access, injection activity, internet of things, intrusion detection, iot botnet, iot security, iot targeted, iot/ics attack, lamp, lamp server attack, lamp stack attack, lamp stack targeting, lateral movement, login, login attempt, mailoney honeypot, malicious activity, malicious file transfer, malicious ip, malicious software, malware, malware behaviour, malware capture, mirai, mirai botnet, network, network attacks, network infrastructure, network intrusion, network scanning, network security, network service scanning, network traffic analysis, oceania, opencti, p0f, password attack, password attacks, password spraying, phishing, phishing attack, phishing trap, ping of death, possible mirai variant, process injection, protocol exploitation, ransomware, reconnaissance, remote access attempt, remote login, researched, resource hijacking, scan, scanner, scanning activity, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, service scan, sftp, sftp access attempt, sftp activity, sftp attack, singapore, sip, sip brute force, sip scanning, smtp, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, t1021, t1021.001, t1021.004, t1040, t1041, t1055, t1059, t1059.004, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp, tcp protocol, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, unauthorized access attempts, unauthorized login attempts, voip, voip attack, vulnerability scan, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs
May 19

Threat Activity Heatmap

Peak: 2026-05-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 17
First seen: Jan 12, 2026
Last seen: May 19, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS37963
Org: Alibaba.com LLC
Coords: 1.3673, 103.8014

VirusTotal

Not checked

WHOIS

inetnum: 8.128.0.0 - 8.159.255.255
netname: ALICLOUD
descr: Aliyun Computing Co.LTD
country: CN
admin-c: ASEP1-AP
tech-c: ASEP1-AP
abuse-c: AA1926-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-ASEPL-SG
mnt-irt: IRT-ASEPL-SG
last-modified: 2021-04-14T01:11:45Z
source: APNIC

irt: IRT-ASEPL-SG
address: 1 Raffles Place
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: ASEP1-AP
tech-c: ASEP1-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-12-09
mnt-by: MAINT-ASEPL-SG
last-modified: 2025-12-09T07:58:21Z
source: APNIC

role: ABUSE ASEPLSG
country: ZZ
address: 1 Raffles Place
phone: +000000000
e-mail: [email protected]
admin-c: ASEP1-AP
tech-c: ASEP1-AP
nic-hdl: AA1926-AP
remarks: Generated from irt object IRT-ASEPL-SG
remarks: [email protected] was validated on 2025-12-09
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-12-09T07:58:36Z
source: APNIC

role: Alibabacom Singapore E-Commerce Private Limited a
address: 1 Raffles Place #59-00 One Raffles Place, Tower One Singapore, Singapore
country: SG
phone: +86-571-85022088
fax-no: +86-571-85022088
e-mail: [email protected]
admin-c: ASEP1-AP
tech-c: ASEP1-AP
nic-hdl: ASEP1-AP
mnt-by: MAINT-ASEPL-SG
last-modified: 2025-07-01T06:25:24Z
source: APNIC

route: 8.138.5.0/24
origin: AS37963
descr: Alibaba.com Singapore E-Commerce Private Limited 8 Shenton Way, #45-01 AXA Tower, Singapore 068811
mnt-by: MAINT-ASEPL-SG
last-modified: 2020-02-25T09:31:54Z
source: APNIC

references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 5 months ago · Last seen 26 days ago
Appeared in 17 threat reports