IPMediumSignal 45/100
154.201.87.30
Location
Hong KongHong Kong, CA
ASN
AS401696
High Family Technology Co
First Seen
Nov 11, 2024
Last Seen
Mar 31, 2026
Nov 11
First Seen
579d ago
Mar 31
Last Seen
74d ago
8
Reports
source reports
45%
Confidence
medium
10/91
VirusTotal
detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryHong Kong
Hong KongRegionHong Kong, CA
ASNAS401696
OrganizationHigh Family Technology Co
Feed Intelligence Summary
8 reports45% confidence
8
Source reports
45%
Confidence score
Category tags
active scanactive scanningamadeyapplication layer protocolarmasciiasiaastraloaderasyncratattackbackdoorbotnetbotnet activitybotnetdomainbrute forcebrute force attackcobalt-strikecobaltstrikecoinminercommand and controlcommunication protocolcowrie honeypotcredential accesscredential harvestingcredential stuffingcryptocurrencydarktortilladata exfiltrationdata store exposuredbatloaderdcratddosddos attacksdecoy systemdenial of servicedistributed attacksdlldonutloaderelfencodedexeexecutable fileexploitation activityftpftp brute forcegafgytgh0stratghostratguloaderhajimehong konghtaidentity & access exploitationindicatorinfostealerinjection activityinternet of thingsiot botnetiot securityiot/ics attackjerryratkaijikeyloggerlummastealermalicious activitymalicious softwaremalwaremarsstealermeduzastealermetasploitmeterpretermipsmirai botnetmoobotmozinetworknetwork attacksnetwork enumerationnetwork intrusionnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnorth americaopendirpassword attackspayload.binphishingphishing attackprocess injectionprotocol exploitationransomwareratreconnaissanceredlinestealerremcos trojanremcosratremote accessremote servicesresearchedresource hijackingrev-base64-loadersaint helena, ascension and tristan da cunhasc.onsentrypeer botnetservice scanseychellessftp attacksocial engineeringssh attackssh monitoringstrelastealert1021t1021.001t1027t1040t1041t1046t1055t1059t1059.003t1068t1071.001t1076t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1589t1595t1595.001t1595.002t1595.003tannertcp protocoltcp scantelecommunicationstelnet threattest.txtthreat actortor nodeua-wgetudp scanunited statesvbsvoipvoip attackwormxwormzip
Activity Timeline
Mar 31Mar 31
Threat Activity Heatmap
· Peak: 2026-03-31LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
8
Reports
First seenNov 11, 2024
Last seenMar 31, 2026
GeolocationHK
CountryHong Kong
LocationHong Kong, CA
ASNAS401696
OrgHigh Family Technology Co
Coords34.0544, -118.2440
WHOIS
- description
- CC=PK ASN=ASNone
- raw
- inetnum: 154.0.0.0 - 154.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM status: ALLOCATED PORTABLE last-modified: 2015-08-28T00:31:22Z source: APNIC mnt-irt: IRT-APNIC-AP irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP auth: # Filtered remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 mnt-by: APNIC-HM last-modified: 2023-08-18T00:42:38Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
- references
- https://www.virustotal.com/graph/g79edcbcf536d4d37b4088fb951bb1561949f97e1954f4f3a83ac986fb6b0568c, https://www.virustotal.com/graph/g54a324b5059e492f9d1d201519cad2aa0dad7dcdd131461ebc59853311acd782, https://urlhaus.abuse.ch/browse/, https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 2 months ago
Appeared in 8 threat reports