IOC Radar
IPMediumSignal 52/100

61.163.151.37

Location
ChinaChina
Zhengzhou, HA
ASN
AS4837
CNC Group CHINA169 Henan Province Network
First Seen
May 28, 2025
Last Seen
Jun 29, 2025
May 28
First Seen
391d ago
Jun 29
Last Seen
360d ago
9
Reports
source reports
52%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryCNChina
RegionZhengzhou, HA
ASNAS4837
OrganizationCNC Group CHINA169 Henan Province Network

Feed Intelligence Summary

9 reports52% confidence
9
Source reports
52%
Confidence score
Category tags
abuseaccess controlactive scanningafricaamadeyarmasiaavemariaratbackdoorbotnetbrute forcebrute force attackbrute force attemptc2c2 communicationcensyschinacobaltstrikecommand and controlcommunication protocolcommunication technologiesconfigcredential accesscredential harvestingcredential stuffingcryptbotdata exfiltrationddosddos attacksdecoy systemdenial of servicedistributed attacksdropped-by-acrstealerdropped-by-amadeyelfeurope/asiaexeexploit attemptsftp brute forcegafgytguloaderhajimehijackloaderhtahttp brute forcehttp scanneridatloaderindicatorinfostealerinternet of thingsintrusion detectioniociot botnetiot/ics attackjpg-base64-loaderlateral movementlnklummastealermalicious linksmalicious softwaremalwaremalware propagationmalware scanningmd5mexicomipsmirai botnetmobile carriersmobile networksmodiloadermozinanocore linknetsupport linknetworknetwork attacksnetwork probingnetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphishing attackprocess injectionprotocol exploitationratreconnaissanceremote accessremote access trojanremote servicesresearchedrussiascanscannerscriptsecurity policysh.extsha valuessharkshark2smtp brute forcesocial engineeringsouth africaspynotesql injection attemptsssh attacksshdkitstealert1005t1021t1021.001t1021.002t1027t1040t1041t1046t1047t1053t1055t1059t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1204t1204.001t1210t1486t1496t1499.001t1499.002t1499.003t1547t1563t1565t1566t1566.001t1566.002t1566.003t1573t1583t1588t1595t1595.001t1595.002t1595.003tcp protocoltelecom servicestelecommunicationstelnet threatthreat intelligencethreat preventionua-wgeturlhausurls httpurls httpsweb securityweb trafficxml-opendir

Activity Timeline

1 total obs
Jun 29Jun 29

Threat Activity Heatmap

· Peak: 2025-06-29
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
52
SIGNAL
Signal Score
52%
Confidence
9
Reports
First seenMay 28, 2025
Last seenJun 29, 2025
GeolocationCN
CountryChina
LocationZhengzhou, HA
ASNAS4837
OrgCNC Group CHINA169 Henan Province Network
Coords34.5306, 113.3771

VirusTotal

Not checked

WHOIS

raw
inetnum: 61.163.0.0 - 61.163.255.255 netname: UNICOM-HA descr: China Unicom Henan province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: WW444-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-HA mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:18:11Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: Wei Wang nic-hdl: WW444-AP e-mail: [email protected] address: #55 San Quan Road, Zhengzhou, Henan Provice phone: +86-371-65952358 fax-no: +86-371-65968952 country: CN mnt-by: MAINT-CNCGROUP-HA last-modified: 2010-03-05T08:20:01Z source: APNIC route: 61.163.0.0/16 descr: CNC Group CHINA169 Henan Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
references
https://any.run/malware-trends/, https://urlhaus.abuse.ch/, https://urlhaus.abuse.ch/browse/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 year ago
Appeared in 9 threat reports