IOC Radar
IP | High | Verified | Signal 38/100

160.30.128.96

Location: Netherlands; Sheung Shui, North District
ASN: AS152475, TIANFENG (HONG KONG) COMMUNICATIONS LIMITED
First Seen: Apr 16, 2026 (70d ago)
Last Seen: Apr 24, 2026 (62d ago)
Reports: 4 source reports
Confidence: 38% (high)
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Network Information

Country: NL (Netherlands)
Region: Sheung Shui, North District
ASN: AS152475
Organization: TIANFENG (HONG KONG) COMMUNICATIONS LIMITED

Feed Intelligence Summary

Source reports: 4
Confidence score: 38%
Category tags: active scan, agent, apt, asia, attack, back, bad reputation, cloud, contact, demo, devtcpipport, dionaea, enumerate, europe, exploitation activity, grep, hong kong, hunt, ipv4, kagent, lamp, malware, marimo, netherlands, network, nkabuse, nkn blockchain, postgresql, proxy, python, reboot, researched, reverse shell, select, spaces, strong, sysdig, t1016, t1021.004, t1027.002, t1033, t1053, t1053.003, t1059.004, t1059.006, t1071.004, t1082, t1083, t1090, t1095, t1105, t1140, t1190, t1543.001, t1543.002, t1552.001, t1571, t1573.002, target, threat actor, tor node

Activity Timeline

1 total obs
Apr 24 to Apr 24

Threat Activity Heatmap

Peak: 2026-04-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 4
First seen: Apr 16, 2026
Last seen: Apr 24, 2026
Verified IOC
Geolocation: NL
Country: Netherlands
Location: Sheung Shui, North District
ASN: AS152475
Org: TIANFENG (HONG KONG) COMMUNICATIONS LIMITED
Coords: 0.0000, 0.0000

VirusTotal

Not checked

WHOIS

description
CC=JP ASN=ASNone
raw
inetnum: 160.30.128.0 - 160.30.129.255
netname: TIANFENG-HK
descr: TIANFENG (HONG KONG) COMMUNICATIONS LIMITED
country: HK
org: ORG-AA343-AP
admin-c: TA383-AP
tech-c: TA383-AP
abuse-c: AT1864-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-TIANFENG-HK
mnt-routes: MAINT-TIANFENG-HK
mnt-irt: IRT-TIANFENG-HK
last-modified: 2024-08-15T03:52:01Z
source: APNIC

irt: IRT-TIANFENG-HK
address: Room 202008, Sheung Shui Plaza, 39 Lung Sum Road, Sheung Shu, Northern new realm HONG KONG 223900
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: TA383-AP
tech-c: TA383-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-12-19
mnt-by: MAINT-TIANFENG-HK
last-modified: 2025-12-19T10:36:17Z
source: APNIC

organisation: ORG-AA343-AP
org-name: TIANFENG (HONG KONG) COMMUNICATIONS LIMITED
org-type: LIR
country: HK
address: Room 202008, Sheung Shui Plaza, 39 Lung Sum Road, Sheung Shu
phone: +85266347358
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2024-06-27T13:11:37Z
source: APNIC

role: ABUSE TIANFENGHK
country: ZZ
address: Room 202008, Sheung Shui Plaza, 39 Lung Sum Road, Sheung Shu, Northern new realm HONG KONG 223900
phone: +000000000
e-mail: [email protected]
admin-c: TA383-AP
tech-c: TA383-AP
nic-hdl: AT1864-AP
remarks: Generated from irt object IRT-TIANFENG-HK
remarks: [email protected] was validated on 2025-12-19
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-12-19T10:36:35Z
source: APNIC

role: TIANFENG administrator
address: Room 202008, Sheung Shui Plaza, 39 Lung Sum Road, Sheung Shu, Northern new realm HONG KONG 223900
country: HK
phone: +85266347358
e-mail: [email protected]
admin-c: TA383-AP
tech-c: TA383-AP
nic-hdl: TA383-AP
mnt-by: MAINT-TIANFENG-HK
last-modified: 2024-08-15T03:30:25Z
source: APNIC

route: 160.30.128.0/24
origin: AS152475
descr: TIANFENG (HONG KONG) COMMUNICATIONS LIMITED Room 202008, Sheung Shui Plaza, 39 Lung Sum Road, Sheung Shu
mnt-by: MAINT-TIANFENG-HK
last-modified: 2024-09-05T07:56:01Z
source: APNIC
references
https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface
IOCs.2026.csv
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface#conclusion
https://github.com/telekom-security/tpotce

IOC Journey

high
First detected 2 months ago · Last seen 2 months ago
Appeared in 4 threat reports