IOC Radar
IPMediumSignal 88/100

144.31.1.147

Location
PolandPoland
Warsaw, Mazovia
ASN
AS215730
H2nexus LTD
First Seen
Feb 13, 2026
Last Seen
May 27, 2026
Feb 13
First Seen
130d ago
May 27
Last Seen
27d ago
8
Reports
source reports
88%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
88%
Signal Score
88 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryPLPoland
RegionWarsaw, Mazovia
ASNAS215730
OrganizationH2nexus LTD

Feed Intelligence Summary

8 reports88% confidence
8
Source reports
88%
Confidence score
Category tags
abuse.ch threatfoxabusech-threatfox-c2cactive scanalibaba cloud hostingasyncratauto-generatedautomated analysisautomated osintbad reputationbotnet activitybrute forcebrute ratel c4c2c2 communicationc2 frameworkc2 infrastructurec2-communicationc2-infrastructurecertcode executioncommand & controlcommand and controlcommand executioncompromised hostcredential accesscredential harvestingcredential stealercredential stealingcredential stuffingcredential-theftdata encryptiondata exfiltrationdata store exposureddosddos attacksdeimosc2encryptioneuropeexfiltrationexploitation activityextortionghost ratghost rat c2httpsidentity & access exploitationindicatorinformation stealerinformation stealinginfostealerinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinjection activityinternet of thingsintrusion detectioniociocsiot botnetiot securityiot/ics attackipslateral movementmalicious domainmalicious domainsmalicious hashesmalicious network trafficmalicious softwaremalwaremalware campaign activitymalware campaign analysismalware campaign detectionmalware communicationmalware distributionmalware distribution campaignmalware familymalware infectionmalware-distributionmeterpretermirai botnetmirai c2netsupportmanagernetsupportmanager ratnetsupportmanager rat c2networknetwork communicationnetwork securitynetwork trafficnjratnorth americaosintosint feedosint-volleyphishingphishing attackplpolandpost-compromiseprocess injectionquasar ratransom demandransomwareransomware activityratremcos trojanremote accessremote access toolremote access trojanremote servicesresearchedscams & fraudscannersectopratself-signed certificateself-signed certificatesself-signed-certificatesliversliver c2social engineeringsoftware exploitationsslssl certificatessl certificatesstealcstealc c2stealersystem disruptiont1003t1005t1021t1021.001t1027t1040t1041t1046t1053t1055t1056.001t1059t1059.001t1059.003t1059.004t1069t1071t1071.001t1078t1105t1189t1203t1204t1204.002t1205t1210t1219t1486t1490t1496t1499.001t1499.002t1547t1565t1566t1566.001t1566.002t1566.003t1568t1573t1573.001t1587.001t1588t1590.001targeting databasethreat actorthreat intelligencethreatfox apithreatfox feedtor nodetrojan malwarettpsunited statesunknown malwareunknown stealerunknown-malwareunknown-stealervalleyratxtreme ratxworm

Activity Timeline

1 total obs
May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
88
SIGNAL
Signal Score
88%
Confidence
8
Reports
First seenFeb 13, 2026
Last seenMay 27, 2026
GeolocationPL
CountryPoland
LocationWarsaw, Mazovia
ASNAS215730
OrgH2nexus LTD
Coords52.2297, 21.0122

VirusTotal

Not checked

WHOIS

raw
NetRange: 144.31.0.0 - 144.31.255.255 CIDR: 144.31.0.0/16 NetName: RIPE NetHandle: NET-144-31-0-0-1 Parent: NET144 (NET-144-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2025-08-19 Updated: 2025-08-19 Ref: https://rdap.arin.net/registry/ip/144.31.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references
https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://threatfox.abuse.ch

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 27 days ago
Appeared in 8 threat reports