IPMediumSignal 19/100
117.57.90.135
Location
ChinaHefei, LN
ASN
AS4134
Chinanet AH
First Seen
Jan 20, 2021
Last Seen
Mar 28, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
19%
Signal Score
19 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionHefei, LN
ASNAS4134
OrganizationChinanet AH
Feed Intelligence Summary
6 reports19% confidence
6
Source reports
19%
Confidence score
Category tags
active scanactive scanningasiabotnetbotnet activitybotnet iocsbotnet miraibotnet propagationbrute forcechinacommand and controlcommunication protocolconnected devicescredential accesscredential stuffingdata exfiltrationdata store exposureddosddos attacksdenial of servicedevice managementdistributed attacksexploitationexploitation activitygorillabotidentity & access exploitationindicatorindustrial iotinitial accessinjection activityinternet of thingsiocsiot analyticsiot applicationsiot botnetiot devicesiot platformsiot securityiot/ics attackipv4irclinuxmalicious softwaremalwaremirai botnetmirai internetnetworknetwork attacksnetwork protocolnetwork scanningnetwork securityoutlawprocess injectionprotocol exploitationreconnaissanceresearchedscanning activitysmart devicesssh attackt1021t1021.001t1040t1053.005t1055t1059t1059.004t1071t1071.001t1078t1078.001t1105t1110.002t1190t1203t1486t1496t1497t1497.001t1498.001t1499.002t1499.003t1565t1595.001t1595.002t1595.003tcp protocoltelnet threatthingsthreat actortor nodetwitterxmrig
Activity Timeline
Mar 28Mar 28
Threat Activity Heatmap
· Peak: 2026-03-28LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
19
SIGNAL
Signal Score
19%
Confidence
6
Reports
First seenJan 20, 2021
Last seenMar 28, 2026
GeolocationCN
CountryChina
LocationHefei, LN
ASNAS4134
OrgChinanet AH
Coords41.7806, 123.4314
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 117.0.0.0 - 117.255.255.255 CIDR: 117.0.0.0/8 NetName: APNIC-117 NetHandle: NET-117-0-0-0-1 Parent: () NetType: Allocated to APNIC OriginAS: Organization: Asia Pacific Network Information Centre (APNIC) RegDate: 2007-01-17 Updated: 2010-07-30 Comment: This IP address range is not registered in the ARIN database. Comment: For details, refer to the APNIC Whois Database via Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry Comment: for the Asia Pacific region. APNIC does not operate networks Comment: using this IP address range and is not able to investigate Comment: spam or abuse reports relating to these addresses. For more Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming Ref: https://rdap.arin.net/registry/ip/117.0.0.0 ResourceLink: http://wq.apnic.net/whois-search/static/search.html ResourceLink: whois.apnic.net OrgName: Asia Pacific Network Information Centre OrgId: APNIC Address: PO Box 3646 City: South Brisbane StateProv: QLD PostalCode: 4101 Country: AU RegDate: Updated: 2012-01-24 Ref: https://rdap.arin.net/registry/entity/APNIC ReferralServer: whois://whois.apnic.net ResourceLink: http://wq.apnic.net/whois-search/static/search.html OrgAbuseHandle: AWC12-ARIN OrgAbuseName: APNIC Whois Contact OrgAbusePhone: +61 7 3858 3188 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN OrgTechHandle: AWC12-ARIN OrgTechName: APNIC Whois Contact OrgTechPhone: +61 7 3858 3188 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN inetnum: 117.57.0.0 - 117.57.255.255 netname: CHINANET-AH descr: CHINANET anhui province network descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: JW89-AP tech-c: JW89-AP remarks: service provider mnt-by: APNIC-HM mnt-routes: MAINT-CHINANET-AH mnt-lower: MAINT-CHINANET-AH status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- last-modified: 2016-05-04T00:09:05Z source: APNIC mnt-irt: IRT-CHINANET-CN irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered mnt-by: MAINT-CHINANET last-modified: 2010-11-15T00:31:55Z source: APNIC person: Jinneng Wang address: 17/F, Postal Building No.120 Changjiang address: Middle Road, Hefei, Anhui, China country: CN phone: +86-551-2659073 fax-no: +86-551-2659287 e-mail: [email protected] nic-hdl: JW89-AP mnt-by: MAINT-CHINANET-AH last-modified: 2014-02-21T01:19:43Z source: APNIC
- references
- https://1275.ru/ioc/gs-25-19131-mirai-botnet-iocs_11023, https://1275.ru/ioc/gs-25-19129-mirai-botnet-iocs_11015, https://1275.ru/ioc/gs-25-19128-mirai-botnet-iocs_11001, https://1275.ru/ioc/gs-25-19127-mirai-botnet-iocs_10989, https://1275.ru/ioc/gs-25-19125-mirai-botnet-iocs_10956, https://1275.ru/ioc/gs-25-19126-mirai-botnet-iocs_10970, https://1275.ru/ioc/gs-25-18122-mirai-botnet-iocs_10913, https://1275.ru/ioc/gs-25-18120-mirai-botnet-iocs_10854, https://1275.ru/ioc/gs-25-18119-mirai-botnet-iocs_10829, https://1275.ru/ioc/gs-25-18118-mirai-botnet-iocs_10825, https://1275.ru/ioc/gs-25-17115-mirai-botnet-iocs-2_10696, https://1275.ru/ioc/gs-25-17115-mirai-botnet-iocs_10682, https://1275.ru/ioc/gs-25-17113-mirai-botnet-iocs_10658, https://1275.ru/ioc/gs-25-17112-mirai-botnet-iocs_10640, https://1275.ru/ioc/gs-25-1490-mirai-botnet-iocs_10200
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 2 months ago
Appeared in 6 threat reports