IOC Radar
IP · Medium · Signal 89/100

193.24.211.242

Location: Hong Kong (Central, Central and Western)
ASN: AS215929 (Data Campus Limited)
First Seen: Nov 7, 2025 (226d ago)
Last Seen: Jun 9, 2026 (12d ago)
Reports: 21 source reports
Confidence: 89% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 89%
Signal Score: 89 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: HK (Hong Kong)
Region: Central, Central and Western
ASN: AS215929
Organization: Data Campus Limited

Feed Intelligence Summary

Source reports: 21
Confidence score: 89%
Category tags
abuse, abusech-threatfox-c2c, active scan, active scanning, alienvault_ransomware, apache, apache attacker, applied research, apt, asia, asyncrat, bad reputation, bad web bot, banking, bg, blocklist_all, botnet activity, brazil, brute force, brute force attack, brute force attacker, brute ratel, brute-force, bulgaria, c2, c2 communication, civil services, cl0p, clop, clop ransomware activity, cobalt strike, command & control, command and control, cowrie, credential access, credential harvesting, credential stuffing, credit card services, cryptocurrency, cryptomix, cyclops blink, darkweb, data encryption, data exfiltration, data store exposure, ddos, ddos attack, denial of service, development labs, digital ocean, dionaea, encryption, europe, europe/asia, exploit, exploitation activity, exploited host, extortion, fatt, finance, finance and insurance, financial services, financial technology, fingerprint, fingerprints, first, germany, government technology, group, hacking, havoc, hong kong, identity & access exploitation, indicator, information technology, injection activity, innovation management, input validation bypass, ioc, it infrastructure, lateral movement, malicious ip addresses, malicious software, malware, malware distribution, metasploit, movit exploit, mythic, network, network analysis, network infiltration, network intrusion, openssh, oracle e-business suite, oracle ebs, p0f, password attacks, path, path traversal, payment processing, phishing, phishing attack, ping of death, portscan, process injection, product development, public administration, public infrastructure, public policy, r&d strategy, ransomware, rat, reconnaissance, regulatory agencies, research, research & development, research methodology, researched, russia, russia-based, scanner, scanners, scanning activity, scientific research, security operations, sensor-tagged, service scan, shadowsyndicate, sliver, social engineering, software development, south america, ssh attack, ssh fingerprint, ssh keys, suite, suspected botnet, system disruption, t1003, t1021, t1021.004, t1053, t1055, t1059, t1059.001, t1059.004, t1068, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1486, t1490, t1497, t1499.001, t1550, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1572, t1583.001, t1583.003, t1588.002, t1595.001, t1595.002, t1595.003, tanner, technology research, threat actor, threat intelligence, tor node, tpot, vultr, wealth management, web application attack, web application exploitation, web exploitation, zeroday

Activity Timeline

Observations: 1 total (Jun 9)

Threat Activity Heatmap

Peak: 2026-06-09
[Heatmap: activity by week, Jun through Jun; individual cell values not recoverable]

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 89
Confidence: 89%
Reports: 21
First seen: Nov 7, 2025
Last seen: Jun 9, 2026
Geolocation: HK
Country: Hong Kong
Location: Central, Central and Western
ASN: AS215929
Org: Data Campus Limited
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
inetnum: 193.24.211.0 - 193.24.211.255
descr: END CUSTOMERS VDS
netname: DATACAMPUS-NET
org: ORG-DCL55-RIPE
country: HK
admin-c: NA8536-RIPE
tech-c: NA8536-RIPE
abuse-c: NA8536-RIPE
mnt-routes: lir-hk-datacampus-1-MNT
mnt-domains: lir-hk-datacampus-1-MNT
status: SUB-ALLOCATED PA
created: 2025-02-27T13:49:33Z
last-modified: 2025-02-27T13:49:55Z
source: RIPE
mnt-by: lir-hk-datacampus-1-MNT

organisation: ORG-DCL55-RIPE
org-name: Data Campus Limited
country: HK
org-type: LIR
address: SuiteC, Level7, World Trust Tower, 50Stanley Street, Central
address: 999077
address: Hong Kong
address: HONG KONG
phone: +85258010244
admin-c: NA8536-RIPE
tech-c: NA8536-RIPE
mnt-ref: ro-btel2-1-mnt
mnt-ref: lir-de-l7networks-gmbh-1-MNT
abuse-c: AR73267-RIPE
mnt-ref: lir-hk-datacampus-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-hk-datacampus-1-MNT
created: 2023-11-17T14:40:51Z
last-modified: 2025-07-26T12:45:44Z
source: RIPE # Filtered

role: DATACAMPUS NOC TEAM
address: Hong Kong
address: 999077
address: Suite C, Level 7, World Trust Tower, 50 Stanley Street, Central, Hong Kong
phone: +85258010244
abuse-mailbox: [email protected]
nic-hdl: NA8536-RIPE
mnt-by: lir-hk-datacampus-1-MNT
created: 2023-11-17T14:40:50Z
last-modified: 2025-02-21T08:36:59Z
source: RIPE # Filtered

route: 193.24.211.0/24
origin: AS215929
mnt-by: lir-hk-datacampus-1-MNT
created: 2025-02-28T10:19:36Z
last-modified: 2025-02-28T10:19:36Z
source: RIPE
references
https://theravenfile.com/2025/11/04/clop-ransomware-dissecting-network/
https://x.com/JAMESWT_WT/status/2039015558524313627
https://x.com/JAMESWT_WT/status/2039025653832446078
https://x.com/JAMESWT_WT/status/2039056290098430013
https://x.com/JAMESWT_WT/status/2039065320111960356
https://x.com/JAMESWT_WT/status/2039075687013683359
https://www.group-ib.com/blog/new-shadowsyndicate-infrastructure/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
Nov.Week1.pdf

IOC Journey

medium
First detected 7 months ago · Last seen 12 days ago
Appeared in 21 threat reports