IOC Radar
IP · Medium · Signal 59/100

220.246.42.217

Location
Hong Kong
Central, HCW
ASN
AS4760
Hong Kong Telecommunications (HKT) Limited
First Seen
Sep 24, 2024 (627d ago)
Last Seen
Jun 3, 2026 (9d ago)
Reports
28 source reports
Confidence
59% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: HK (Hong Kong)
Region: Central, HCW
ASN: AS4760
Organization: Hong Kong Telecommunications (HKT) Limited

Feed Intelligence Summary

28 source reports · 59% confidence score
Category tags

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun. Peak: 2026-06-03]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 59 (Medium Risk)
Signal Score: 59
Confidence: 59%
Reports: 28
First seen: Sep 24, 2024
Last seen: Jun 3, 2026
Geolocation: HK
Country: Hong Kong
Location: Central, HCW
ASN: AS4760
Org: Hong Kong Telecommunications (HKT) Limited
Coords: 22.2908, 114.1501

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SSH on Vultr Melbourne (Australia) honeypot
raw
inetnum: 220.246.0.0 - 220.246.127.255
netname: NETVIGATOR
descr: Hong Kong Telecommunications (HKT) Limited Mass Internet
country: HK
admin-c: NA45-AP
tech-c: NA45-AP
abuse-c: AH981-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-HK-IMS-CS
mnt-lower: MAINT-HK-IMS-CS
mnt-routes: MAINT-HK-IMS-WILSON
mnt-irt: IRT-HKTIMS-HK
last-modified: 2021-01-27T13:20:37Z
source: APNIC

irt: IRT-HKTIMS-HK
address: PO Box 9896 GPO
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: WC109-AP
tech-c: WC109-AP
auth: # Filtered
remarks: [email protected]
remarks: [email protected] was validated on 2025-03-28
mnt-by: MAINT-HK-IMS
last-modified: 2025-09-04T05:13:17Z
source: APNIC

role: ABUSE HKTIMSHK
country: ZZ
address: PO Box 9896 GPO
phone: +000000000
e-mail: [email protected]
admin-c: WC109-AP
tech-c: WC109-AP
nic-hdl: AH981-AP
remarks: Generated from irt object IRT-HKTIMS-HK
remarks: [email protected] was validated on 2025-03-28
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-03-28T04:58:16Z
source: APNIC

role: NETVIGATOR ADMINISTRATORS
address: PO Box 9896 GPO
address: Hong Kong
phone: +852-2888-2888
country: hk
e-mail: [email protected]
admin-c: WC109-AP
tech-c: WC109-AP
nic-hdl: NA45-AP
mnt-by: MAINT-HK-IMS
last-modified: 2008-09-04T07:54:15Z
source: APNIC

route: 220.246.0.0/16
descr: Hong Kong Telecommunications (HKT) Limited Mass Internet
country: HK
origin: AS4760
notify: [email protected]
mnt-by: MAINT-HK-IMS-CS
last-modified: 2015-01-15T03:10:04Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 28 threat reports