IOC Radar
IP · Medium · Signal 69/100

42.51.41.137

Location
China
Shenzhen, Henan
ASN
AS56005
Henan Telcom Union Technology Co., LTD
First Seen
Sep 8, 2025
Last Seen
Jun 7, 2026
24
Reports
source reports
69%
Confidence
medium
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

53 techniques

Network Information

Country: CN (China)
Region: Shenzhen, Henan
ASN: AS56005
Organization: Henan Telcom Union Technology Co., LTD

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

24 source reports · 69% confidence score
Category tags

Activity Timeline

1 total obs · Jun 7

Threat Activity Heatmap

[Figure: calendar heatmap of activity by day, Jun to Jun. Peak: 2026-06-07]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 24
First seen: Sep 8, 2025
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Shenzhen, Henan
ASN: AS56005
Org: Henan Telcom Union Technology Co., LTD
Coords: 34.7472, 113.6250
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 42.51.0.0 - 42.51.127.255
netname: HTU-NET
descr: Henan Telcom Union Technology Co., LTD
descr: 73, 18 Buliding, 93 Jingsan Road,
descr: Zhengzhou City,Henan,China
country: CN
admin-c: QW703-AP
tech-c: LW2337-AP
abuse-c: AC1910-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-AP-CNISP
mnt-irt: IRT-CNISP-CN
last-modified: 2021-02-17T13:08:45Z
source: APNIC

irt: IRT-CNISP-CN
address: Beijing CNISP Technology Co., Ltd
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CM2275-AP
tech-c: CM2275-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-05-15
mnt-by: MAINT-AP-CNISP
last-modified: 2025-09-04T05:46:38Z
source: APNIC

role: ABUSE CNISPCN
country: ZZ
address: Beijing CNISP Technology Co., Ltd
phone: +000000000
e-mail: [email protected]
admin-c: CM2275-AP
tech-c: CM2275-AP
nic-hdl: AC1910-AP
remarks: Generated from irt object IRT-CNISP-CN
remarks: [email protected] was validated on 2025-05-15
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-05-15T03:22:21Z
source: APNIC

person: Liu Wei
nic-hdl: LW2337-AP
e-mail: [email protected]
address: 73, 18 Buliding, 93 Jingsan Road,
phone: +86-371-55056677
country: CN
mnt-by: MAINT-NEW
last-modified: 2013-08-02T03:06:29Z
source: APNIC

person: Qingsong Wang
nic-hdl: QW703-AP
e-mail: [email protected]
address: 73, 18 Buliding, 93 Jingsan Road,
phone: +86-371-55056677
country: CN
mnt-by: MAINT-NEW
last-modified: 2013-08-02T03:06:28Z
source: APNIC

route: 42.51.0.0/17
descr: China Unicom Henan Province network
descr: Addresses from CNNIC
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2012-08-07T07:18:02Z
source: APNIC

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 24 threat reports