IPMediumSignal 67/100
45.144.136.169
Location
Hong KongHong Kong, Kowloon
ASN
AS139659
Xnnet Limited
First Seen
Jan 17, 2025
Last Seen
May 26, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryHong Kong
Hong KongRegionHong Kong, Kowloon
ASNAS139659
OrganizationXnnet Limited
Feed Intelligence Summary
11 reports67% confidence
11
Source reports
67%
Confidence score
Category tags
abuseactive scanadversary simulation toolagent teslaakamaialibabaandroidapi contactaptasiaasyncratattackbad reputationbeaconbeaconing activitybotnetbotnet activitybrute forcebrute_ratel_c4c2c2 communicationc2 frameworkchinacobaltcobalt strikecobalt-strikecobaltstrikecommand & controlcommand and controlcompromised systemconfigcredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredcratdeimosdistributed attackse-commerceencryptioneuropeexecutable fileexploitation activityextortionfeedfindfraudglobalhavochkhong konghookbothuaweiidentity & access exploitationindicatorindicators of compromiseinformation technologyinfrastructure acquisitionreconnaissanceinjection activityiociocsiotiot securityjquerylateral movementlateral movement techniqueslinkedin pagemalicious activitymalicious softwaremalwaremalware distributionmanualmedia & entertainmentmobile threatmythicnanocore ratnation-state activitynetsupportratnetworknetwork traffic analysispayload deliverypayload deploymentpayload generationpegasuspenetration testing toolphishingphishing attackphppost-exploitationpost-exploitation activitiespost-exploitation activityprocess injectionprotectransomwareransomware feedremcosremcos trojanremote accessremote access trojanremote servicesresearchedreverse_sshscams & fraudsecurity operationssentinel mispserversliverslugsocial engineeringstrongsupershellsurface websystem disruptiont1003t1005t1016t1018t1021t1021.001t1027t1041t1047t1049t1053t1055t1059t1059.001t1059.003t1068t1071t1071.001t1078t1083t1090t1090.001t1095t1105t1129t1134t1190t1210t1486t1490t1496t1499.002t1499.003t1543t1565t1566t1566.001t1566.002t1566.003t1567t1569.002t1573t1573.001t1574t1587.001t1590.001telecommunicationthreat actorthreat feedthreat intelligencetor nodeunixvietnamvulnerability scan
Activity Timeline
May 26May 26
Threat Activity Heatmap
· Peak: 2026-05-26LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
67
SIGNAL
Signal Score
67%
Confidence
11
Reports
First seenJan 17, 2025
Last seenMay 26, 2026
GeolocationHK
CountryHong Kong
LocationHong Kong, Kowloon
ASNAS139659
OrgXnnet Limited
Coords22.2578, 114.1657
VirusTotal
Not checked
WHOIS
- description
- PrecisionSec is the world's leading cyber-security company and provides a comprehensive service of threat intelligence, including Cobalt Strike, FortiGate Firewall and Microsoft Sentinel, along with other products.
- raw
- inetnum: 45.0.0.0 - 45.255.255.255 netname: IANA-NETBLOCK-45 descr: This network range is not fully allocated to APNIC. descr: descr: If your whois search has returned this message, then you have descr: searched the APNIC whois database for an address that is descr: allocated by another Regional Internet Registry (RIR). descr: descr: Please search the other RIRs at whois.arin.net or whois.ripe.net descr: for more information about that range. country: AU admin-c: IANA1-AP tech-c: IANA1-AP abuse-c: AA1452-AP status: ALLOCATED PORTABLE remarks: For general info on spam complaints email [email protected]. remarks: For general info on hacking & abuse complaints email abuse@apnic .net. mnt-by: APNIC-HM mnt-lower: APNIC-HM mnt-irt: IRT-APNIC-AP last-modified: 2021-02-15T05:31:12Z source: APNIC irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 auth: # Filtered mnt-by: APNIC-HM last-modified: 2025-11-18T00:26:21Z source: APNIC role: ABUSE APNICAP country: ZZ address: Brisbane, Australia phone: +000000000 e-mail: [email protected] admin-c: HM20-AP tech-c: NO4-AP nic-hdl: AA1452-AP remarks: Generated from irt object IRT-APNIC-AP remarks: [email protected] was validated on 2020-02-03 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-11-28T01:00:58Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
- references
- https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/, https://threatfox.abuse.ch/export/csv/recent/, https://x.com/drb_ra/status/1896089976770830351, https://x.com/drb_ra/status/1896089995473285161, https://x.com/drb_ra/status/1896090014003732659, https://x.com/drb_ra/status/1896090014695428300, https://x.com/drb_ra/status/1896090033855348779, https://x.com/drb_ra/status/1896090053887332524, https://x.com/drb_ra/status/1896090060275015689, https://x.com/drb_ra/status/1896090074074529893, https://x.com/drb_ra/status/1896090092940533859, https://x.com/drb_ra/status/1896090144165290106, https://x.com/drb_ra/status/1896090156811120741, https://x.com/drb_ra/status/1896090166441189588, https://x.com/drb_ra/status/1896090178273382594, https://x.com/drb_ra/status/1896090195948118214, https://x.com/drb_ra/status/1896090206773620986, https://x.com/drb_ra/status/1896090217817231484, https://x.com/drb_ra/status/1896090227266953560, https://x.com/drb_ra/status/1896090237949939927, https://x.com/drb_ra/status/1896090259676401864, https://x.com/drb_ra/status/1896090264940233055, https://x.com/drb_ra/status/1896090610244993205, https://x.com/drb_ra/status/1896137634554183875, https://x.com/drb_ra/status/1896147760338125141, https://x.com/drb_ra/status/1896147780307206172, https://x.com/drb_ra/status/1896158403766153652, https://x.com/drb_ra/status/1896158422355358045, https://x.com/drb_ra/status/1896270635309150240, https://x.com/drb_ra/status/1896271152177406174, https://x.com/drb_ra/status/1896271170355581175, https://x.com/drb_ra/status/1896271188592357867, https://x.com/drb_ra/status/1896271207114395682, https://x.com/drb_ra/status/1896271225795785163, https://x.com/drb_ra/status/1896271242824687661, https://x.com/drb_ra/status/1896271261753622540, https://x.com/drb_ra/status/1896271281382986102, https://x.com/drb_ra/status/1896271300697657454, https://x.com/drb_ra/status/1896271317831475563, https://x.com/drb_ra/status/1896271335741084026, https://x.com/drb_ra/status/1896271353483051033, https://x.com/drb_ra/status/1896271870409978071, https://x.com/drb_ra/status/1896271888743293014, https://x.com/drb_ra/status/1896271907579928912, https://x.com/drb_ra/status/1896271924474601925, https://x.com/drb_ra/status/1896271943386779736, https://x.com/drb_ra/status/1896271962365935869, https://x.com/drb_ra/status/1896271982070825276, https://x.com/drb_ra/status/1896272001335177678, https://x.com/drb_ra/status/1896272020436123966, https://x.com/drb_ra/status/1896272039360823661, https://x.com/drb_ra/status/1896290753074348263, https://x.com/drb_ra/status/1896333230158274870, https://x.com/drb_ra/status/1896333249225597109, https://x.com/drb_ra/status/1896333268066467916, https://x.com/drb_ra/status/1896333287771279819, https://x.com/drb_ra/status/1896333308059115875, https://x.com/drb_ra/status/1896333327252262994, https://x.com/drb_ra/status/1896333346684469425, https://x.com/drb_ra/status/1896333366150226139
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 27 days ago
Appeared in 11 threat reports