IP · Medium · Signal 54/100
206.237.0.49
Location
Kwun Tong, Kwun Tong District
ASN
AS932
VH Global Limited
First Seen
Nov 10, 2023
Last Seen
Jun 6, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Kwun Tong, Kwun Tong District
ASN: AS932
Organization: VH Global Limited
Feed Intelligence Summary
13 reports · 54% confidence
Source reports: 13
Confidence score: 54%
Category tags
academic institutions, address, aitm server, amos steaker, amos stealer, anydesk module, apache tomcat exploitation, apt, apt group, archive file, asia, atomic https, atomic stealer, backdoor, banking, bctt, bha006, block, boinc c2, bootkitty iocs, botnet, brazanbamboo c2, brute force, brute ratel, brute_force, burnsrat, c, c2 address, c2 domain, c2 http, c2 https, c2 ip, c2 server, c2 servers, cheat engine, civil services, cl-sta-0048, cloud computing, cloud migration, cloud security, cloud services, cloud storage, cobalt strike, cobalt strike framework, cobaltstrike, code execution, code injection, code issues, code snippets, command and control, command execution, communication protocol, communication technologies, compromise note, consumer goods, cortex xdr, credential access, credential harvesting, credential stuffing, credential_access, credit card services, cthulhu stealer, custom tools, cyber threats, damn, darkrace, data, data exfiltration, data theft, database security, defanged file, details, digital signature, distributed attacks, dll sideloading, donex, download url, downloader, dragonrank, dropper, duoyi, earth lamia, educational resources, educational services, educational technology, eldorado, fake captcha, fake chrome, figure, file, files, finaldraft elf, finance, financial services, financial technology, find, fingerprint, first, first seen, first stage, fleet management, footer, freight services, ftp, ftp brute force, gh0strat, ghostgambit, ghostsocks, github, github users, gmer, google meet, government technology, guidloader, hashes, hashes payload, helldown linux, hex staging, hex staging delivery, hidden rootkit, higher education, hong kong, horns, hta file, hta md5, hta script, html, html payload, http attack, http scanner, icon, iis exploitation, iis vulnerability exploitation, indicatortype, information technology, infrastructure acquisition reconnaissance, injection attacks, iocs, iocs files, iocs hash, iocs helldown, iocs malicious, iocs zip, ips https, ipv4, ipv4 address, it infrastructure, js download, k-12 education, l files, landing, latin america, links, linux, lnk file, loader, lockbit, lumma payload, malicious links, malicious powershell activity, malicious software, malware, malware c2, malware hash, malware signing, manual, maritime transport, mekotio banking, mintsloader c2, mlpea, mobile carriers, mobile networks, monero, monitor, msi, msi file, mssql exploitation, mssql vulnerability exploitation, multi-cloud management, multi-industry targeting, multiple protocols, na majestic, na stark, nation-state actor, neshta, network, network ip, network security, network_reconnaissance, noopldr type1, noopldr type2, north america, opswat oesis, palo alto, palo alto networks, panel, passenger transportation, pathloader, payload, payload host, payload url, payment processing, phishing, phishing attack, phishing urls, phobos, phpsert, phpsert variant, plugin, plugx, plugx backdoor, plugx c2, plugx loader, ports, powershell execution, powershower c2, privilege escalation, process injection, protect, protocol exploitation, proxy, pscp, psexec, public, public administration, public infrastructure, public policy, pull, quite solsjoasquoc, rail transport, ransom, reddelta c2, reddit, registry keys, regulatory agencies, remcos trojan, remote access, remote services, researched, retail trade, rhadamanthys c2, sample sha256, samples, scripting attacks, search, seen, server http, servers, service dll, sftp attack, shell commands, shift, similar sha256, site, sites, social engineering, software development, software exploitation, software integrity, solo airfield, south asia, sql script, sqlcmd abuse, ssh access, ssh attack, star, stealc c2, stealc payload, strike loaders, strong, studio code, supershell, systembc, t1003, t1005, t1016, t1021, t1021.001, t1021.002, t1027, t1040, t1041, t1046, t1053, t1053.005, t1055, t1055.001, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1068, t1071, t1071.001, t1071.004, t1076, t1078, t1078.002, t1078.003, t1083, t1086, t1105, t1110, t1110.002, t1133, t1136.001, t1140, t1189, t1190, t1203, t1204, t1204.001, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.003, t1547, t1547.001, t1553.002, t1554.001, t1554.003, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1571, t1572, t1583.001, t1583.003, t1587.001, t1589, t1590, t1590.001, t1592, t1592.001, t1592.002, t1592.003, t1595, t1595.001, t1595.002, t1608.001, t1608.002, telecom services, telecommunications, telnet threat, tls certificate, token, transportation and warehousing, transportation infrastructure, transportation technology, trojanized, trojanspy, type name, united states, urls, urls http, urls https, us, v4 removal, valleyrat, vant, vbshower c2, version, version b, version c, version d, version e, view, visual studio, vshell, vssadmin delete, wealth management, web security, web traffic, windows payload, zipmsi
Activity Timeline
Jun 6 to Jun 6
Threat Activity Heatmap · Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 54
Signal Score
Confidence: 54%
Reports: 13
First seen: Nov 10, 2023
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Kwun Tong, Kwun Tong District
ASN: AS932
Org: VH Global Limited
Coords: 22.3100, 114.2230
VirusTotal
Not checked
WHOIS
raw:
inetnum: 206.0.0.0 - 206.255.255.255
netname: ARIN-CIDR-BLOCK
descr: Not allocated by APNIC
remarks: ------------------------------------------------------
remarks:
remarks: Important:
remarks:
remarks: Details of networks in this range are not registered
remarks: in the APNIC Whois Database.
remarks:
remarks: Please search the ARIN Whois, which contains
remarks: details of IP addresses allocated in North America,
remarks: parts of the Caribbean, and sub-equatorial Africa:
remarks:
remarks: website: https://ws.arin.net/whois
remarks: command line: whois.arin.net
remarks:
remarks: ------------------------------------------------------
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2009-05-01T03:52:53Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 2 years ago · Last seen 3 days ago
Appeared in 13 threat reports