IP · Medium · Signal 68/100
146.70.113.188
Location
Hong Kong, Hong Kong Island
ASN
AS9009
M247 Ltd HONG KONG
First Seen
Mar 21, 2025
Last Seen
May 12, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Hong Kong
Region: Hong Kong, Hong Kong Island
ASN: AS9009
Organization: M247 Ltd HONG KONG
IP Category
VPN
VPN exit node
Feed Intelligence Summary
8 reports · 68% confidence
8
Source reports
68%
Confidence score
Category tags
active scan, active scanning, apt, asia, asyncrat, bad reputation, blacklisted ips, botnet, botnet activity, botnet activity detection, brute force, brute force attempts, brute_ratel_c4, c&c communication, c2, c2 communication, cobalt-strike, cobaltstrike, command & control, command and control, communication protocol, compromised host, compromised hosts, credential access, credential harvesting, credential stuffing, credential theft, data encryption, data exfiltration, data store exposure, dcrat, ddos, ddos activity, ddos attacks, deimos, denial of service, distributed attacks, encryption, europe, exploit kit, exploitation activity, extortion, ftp, havoc, hk, hong kong, hookbot, http scanner, https, identity & access exploitation, injection activity, irc, it infrastructure, malicious software, malware, malware distribution, mythic, netsupportrat, network, network attacks, network protocol, network scanning, opendir, pegasus, phishing, phishing attack, process injection, proxy, ransomware, reconnaissance, remcos, remcos trojan, remote access, remote services, researched, reverse_ssh, romania, scanning activity, security operations, sliver, smtp, social engineering, software development, spam, spam distribution, ssh attack, supershell, system disruption, t1003, t1021, t1021.001, t1040, t1046, t1053, t1055, t1059, t1059.003, t1068, t1071, t1071.001, t1078, t1105, t1110.002, t1133, t1190, t1486, t1490, t1496, t1497, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1595.001, t1595.002, t1595.003, tcp protocol, threat actor, threat intelligence, tor node, unknown group, vpn, web traffic
Activity Timeline
Threat Activity Heatmap (peak: 2026-05-12)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
68
SIGNAL
Signal Score
68%
Confidence
8
Reports
First seen: Mar 21, 2025
Last seen: May 12, 2026
Geolocation: HK
Country: Hong Kong
Location: Hong Kong, Hong Kong Island
ASN: AS9009
Org: M247 Ltd HONG KONG
Coords: 45.9968, 24.9970
VPN
VirusTotal
Not checked
WHOIS
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports