IP · Medium · Signal 68/100
156.225.26.6
Location
Hong Kong, Kowloon
ASN
AS401701
Vapeline Technology
First Seen
Feb 28, 2025
Last Seen
Apr 29, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Network Information
Country
Hong Kong
Region
Hong Kong, Kowloon
ASN
AS401701
Organization
Vapeline Technology
Feed Intelligence Summary
9
Source reports
68%
Confidence score
Category tags
active scan, asia, asyncrat, botnet, botnet activity, brute force, c2, c2 framework, cobaltstrike, code execution, command & control, command and control, command execution, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, defense evasion, deimos, distributed attacks, exploitation activity, hak5_cloud_c2, havoc, hk, hong kong, hookbot, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, injection activity, malicious software, malware, manual, mythic, netsupportrat, network, pegasus, phishing, phishing attack, phishing campaign, process injection, qakbot, ransomware, remcos, remcos trojan, remote access, remote access trojan, remote services, researched, reverse_ssh, seychelles, sliver, social engineering, software exploitation, t1003, t1021.001, t1027, t1055, t1059, t1059.003, t1071, t1071.001, t1203, t1204, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1587.001, t1590.001, threat actor, tor node
Activity Timeline
Apr 29
Threat Activity Heatmap
Peak: 2026-04-29
24h
0 (Dormant)
7d
0 (Dormant)
30d
0 (Dormant)
3mo
1 (Minimal)
Threat Score
Medium Risk
Signal Score
68
Confidence
68%
Reports
9
First seen
Feb 28, 2025
Last seen
Apr 29, 2026
Geolocation
HK
Country
Hong Kong
Location
Hong Kong, Kowloon
ASN
AS401701
Org
Vapeline Technology
Coords
22.2578, 114.1657
VirusTotal
Not checked
WHOIS
- description
  - ip:port combination that is used for botnet Command&control (C&C)
- raw
  inetnum: 156.225.26.0 - 156.225.26.255
  netname: Vapeline_Technology
  descr: Vapeline Technology
  country: US
  admin-c: CIS1-AFRINIC
  tech-c: CIS1-AFRINIC
  status: ASSIGNED PA
  mnt-by: CIL1-MNT
  mnt-by: LARUS-SERVICE-MNT
  source: AFRINIC # Filtered
  parent: 156.224.0.0 - 156.255.255.255

  person: Cloud Innovation Support
  address: Ebene
  address: MU
  address: Mahe
  address: Seychelles
  phone: tel:+248-4-610-795
  nic-hdl: CIS1-AFRINIC
  abuse-mailbox: [email protected]
  mnt-by: CIL1-MNT
  source: AFRINIC # Filtered
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports