IOC Radar
IPMediumSignal 49/100

193.176.211.38

Location
Hong KongHong Kong
Yau Ma Tei, Yau Tsim Mong District
ASN
AS206092
VPN Consumer Hong Kong
First Seen
Jun 30, 2022
Last Seen
May 7, 2026
Jun 30
First Seen
1445d ago
May 7
Last Seen
37d ago
15
Reports
source reports
49%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Network Information

CountryHKHong Kong
RegionYau Ma Tei, Yau Tsim Mong District
ASNAS206092
OrganizationVPN Consumer Hong Kong

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

15 reports49% confidence
15
Source reports
49%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney activityadbhoney honeypotapacheapache attackerapplication reconnaissanceaptasiaattackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute-forcecms detectioncommand and controlcommand injectioncommunication protocolcowrie activitycowrie attackcowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedionaea activitydionaea attackdionaea honeypotdirectory bruteforcingdirectory traversaldistributed attacksexploitation activityexploited hostftp brute forceftp brute-forcehackinghkhoneytrap activityhoneytrap honeypothong konghttp scannerhttpsidentity & access exploitationinformation technologyinjection activityinjection attacksit infrastructurelamplamp attacklamp stack attacklfimailoney activitymailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork probingnetwork scanningnetwork securityopen proxyowasppassword attacksphishingphishing attackphishing trapprocess injectionproxyreconnaissanceresearchedresource hijackingrfiscannerscripting attackssentrypeer activitysentrypeer botnetservice scansftp activitysftp attacksip scanningsocial engineeringsoftware developmentsshssh attackssh monitoringssrft1040t1041t1055t1059t1059.003t1059.004t1059.007t1068t1071.001t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1495.001t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583t1589t1590t1592t1595t1595.001t1595.002t1595.003tannertanner attacktelecommunicationsthreat actorthreat detectionthreat intelligencetor nodetpotcevoipvoip attackvpnvulnerability scanweb app attackweb application attackweb application fingerprintingweb attackweb crawlerweb exploitationweb scannerweb trafficxss

Activity Timeline

1 total obs
May 7May 7

Threat Activity Heatmap

· Peak: 2026-05-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
49
SIGNAL
Signal Score
49%
Confidence
15
Reports
First seenJun 30, 2022
Last seenMay 7, 2026
GeolocationHK
CountryHong Kong
LocationYau Ma Tei, Yau Tsim Mong District
ASNAS206092
OrgVPN Consumer Hong Kong
Coords22.3069, 114.1710
ProxyVPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 193.0.0.0 - 193.255.255.255 netname: RIPE-CIDR-BLOCK descr: Not allocated by APNIC remarks: ------------------------------------------------------ remarks: remarks: Important: remarks: remarks: Details of networks in this range are not registered remarks: in the APNIC Whois Database. remarks: remarks: Please search the RIPE Whois Database, which contains remarks: details of IP addresses allocated in Europe, the remarks: Middle East, and northern Africa: remarks: remarks: website: http://www.ripe.net/perl/whois remarks: command line: whois.ripe.net remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-APNIC-AP status: ALLOCATED PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 1 month ago
Appeared in 15 threat reports