IP · Medium · Signal 100/100
8.221.140.90
Location
Tokyo, Tokyo
ASN
AS45102
Alibaba.com Singapore E-Commerce Private Limited
First Seen
Jun 28, 2024
Last Seen
Mar 11, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
Japan
Region: Tokyo, Tokyo
ASN: AS45102
Organization: Alibaba.com Singapore E-Commerce Private Limited
Feed Intelligence Summary
28 reports · 99% confidence
28
Source reports
99%
Confidence score
Category tags
Activity Timeline
Mar 11
Threat Activity Heatmap
Peak: 2026-03-11
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 28
First seen: Jun 28, 2024
Last seen: Mar 11, 2026
Geolocation: JP
Country: Japan
Location: Tokyo, Tokyo
ASN: AS45102
Org: Alibaba.com Singapore E-Commerce Private Limited
Coords: 1.3673, 103.8014
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded.
- raw
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
medium · First detected 2 years ago · Last seen 3 months ago
Appeared in 28 threat reports