IPMediumSignal 47/100
61.52.75.73
Location
ChinaZhengzhou, HA
ASN
AS4837
CNC Group CHINA169 Henan Province Network
First Seen
Mar 13, 2021
Last Seen
May 12, 2026
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
Network Information
CountryChina
ChinaRegionZhengzhou, HA
ASNAS4837
OrganizationCNC Group CHINA169 Henan Province Network
Feed Intelligence Summary
5 reports47% confidence
5
Source reports
47%
Confidence score
Category tags
abusech-urlhaus-c2carcarmarm5arm6arm7asciiasiabackdoorbad reputationbase64-loaderboatnetbotbotnetbotnet activityc2castleratchinacnccobaltstrikecoinminercommand & controlcryptocurrencyddosdropped-by-amadeyelfencodedencryptionexeexecutable fileexploitation activitygithubgolanggotoresolveguloaderhajimehtai468i686indicatorinfostealerkemo828kimsukyloaderlodalodaratluam68kmalwaremassloggermemzmipsmips.miraimozimpslmsinetworkopendirphantomstealerpowerpcpowershellppcps1purecrypterpureratqbotransomwareratremcosratresearchedrev-base64-loaderrmmrustystealersaint helena, ascension and tristan da cunhasalatstealersantastealerscams & fraudsmartloadersparcspcsuperhthreat actortor nodeua-wgetvidarx86x86_64xwormzip
Activity Timeline
May 12May 12
Threat Activity Heatmap
· Peak: 2026-05-12LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address `61.52.75.73`, represents a critical and active threat that demands immediate attention. Identified with a significant threat score of 46.83 and explicitly not whitelisted, this IP address has been consistently linked to malicious activity by multiple reputable threat intelligence sources, including Abuse.ch-Urlhaus-C&Cs and AlienVault OTX Feeds. Its association with sophisticated threat actors like Kimsuky and MALLARD SPIDER (known for QakBot)…
Threat ScoreMedium Risk
47
SIGNAL
Signal Score
47%
Confidence
5
Reports
First seenMar 13, 2021
Last seenMay 12, 2026
GeolocationCN
CountryChina
LocationZhengzhou, HA
ASNAS4837
OrgCNC Group CHINA169 Henan Province Network
Coords34.6800, 113.5344
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 61.52.0.0 - 61.53.255.255 netname: UNICOM-HA descr: China Unicom Henan province network country: CN admin-c: WW444-AP tech-c: WW444-AP abuse-c: AC1718-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-CNCGROUP-HA mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:08:55Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-10-17 mnt-by: MAINT-CNCGROUP last-modified: 2025-11-18T00:26:20Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-10-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-10-17T02:26:56Z source: APNIC person: Wei Wang nic-hdl: WW444-AP e-mail: [email protected] address: #55 San Quan Road, Zhengzhou, Henan Provice phone: +86-371-65952358 fax-no: +86-371-65968952 country: CN mnt-by: MAINT-CNCGROUP-HA last-modified: 2010-03-05T08:20:01Z source: APNIC route: 61.52.0.0/15 descr: CNC Group CHINA169 Henan Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
- references
- https://urlhaus.abuse.ch/browse/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 1 month ago
Appeared in 5 threat reports