IOC Radar
IP · Medium · Signal 86/100

219.157.183.230

Location
China
Zhengzhou, Henan
ASN
AS4837
CNC Group CHINA169 Henan Province Network
First Seen
Feb 12, 2026 (123d ago)
Last Seen
Mar 5, 2026 (101d ago)
Reports
6 source reports
Confidence
86% (medium)
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

19 techniques

Network Information

Country: CN (China)
Region: Zhengzhou, Henan
ASN: AS4837
Organization: CNC Group CHINA169 Henan Province Network

IP Category

Proxy
Proxy server

Feed Intelligence Summary

6 reports · 86% confidence
Category tags
7z · abuse · abusech-urlhaus-c2c · active scan · active scanning · amadey · amosstealer · apk · arc · archive · arm · ascii · asia · asyncrat · bad reputation · blankgrabber · botnet activity · botnetdomain · brute force · brute force attack · c2 · censys · china · cn · code injection · coinminer · command & control · command execution · credential access · credential harvesting · credential stuffing · cryptocurrency · ddos · ddos attacks · ddosagent · doc · donutloader · dropped-by-amadey · elf · encoded · exe · executable file · exploitation activity · exploited host · fake-git · gafgyt · github · gitlab · goproxy · guloader · hacking · hta · identity & access exploitation · indicator · infostealer · injection activity · internet of things · iot botnet · iot security · iot/ics attack · m68k · malicious powershell activity · malware · mamont · mips · mirai botnet · mobile threat · mozi · msi · network · njrat · opendir · oteteam · password attacks · password: 1111 · password: lunex · phishing · phishing attack · plugin · powerpc · proxy · ps1 · purelogsstealer · ransomware · rar · rat · reconnaissance · redir-302 · remcosrat · researched · rev-base64-loader · rtf · rustystealer · saint helena, ascension and tristan da cunha · salatstealer · santastealer · scams & fraud · scanner · scripting attacks · social engineering · sparc · stealer · superh · t1059.001 · t1059.007 · t1071.001 · t1086 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1190 · t1204.001 · t1204.002 · t1496 · t1499.002 · t1566.001 · t1566.002 · t1566.003 · t1595.001 · t1595.002 · t1595.003 · ua-mshta · ua-wget · united states · vbe · vbs · vidar · web exploitation · webshell · x86 · zip

Activity Timeline

1 total obs
Mar 5 - Mar 5

Threat Activity Heatmap

Peak: 2026-03-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 86 (High Risk)
Coords: 34.7472, 113.6250

VirusTotal

Not checked

WHOIS

inetnum: 219.154.0.0 - 219.157.255.255
netname: UNICOM-CN
descr: China Unicom IP network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: CH1302-AP
abuse-c: AC1718-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-CUCGROUP
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CU-CN
last-modified: 2025-01-22T13:12:21Z
source: APNIC

irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-10-17
mnt-by: MAINT-CNCGROUP
last-modified: 2025-11-18T00:26:20Z
source: APNIC

role: ABUSE CUCN
country: ZZ
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
phone: +000000000
e-mail: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
nic-hdl: AC1718-AP
remarks: Generated from irt object IRT-CU-CN
remarks: [email protected] was validated on 2025-10-17
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-10-17T02:26:56Z
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
mnt-by: MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
source: APNIC

route: 219.156.0.0/15
descr: CNC Group CHINA169 Henan Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2008-09-04T07:54:44Z
source: APNIC


IOC Journey

medium
First detected 4 months ago · Last seen 3 months ago
Appeared in 6 threat reports