IOC Radar
IP · Medium · Signal 52/100

58.247.54.98

Location: China (Shanghai, SH)
ASN: AS17621 (CNC Group CHINA169 Shanghai Province Network)
First Seen: Jul 17, 2025 (334d ago)
Last Seen: Apr 26, 2026 (52d ago)
Reports: 12 source reports
Confidence: 52% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 52%
Signal Score: 52 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

29 techniques

Network Information

Country: CN (China)
Region: Shanghai, SH
ASN: AS17621
Organization: CNC Group CHINA169 Shanghai Province Network

Feed Intelligence Summary

Source reports: 12
Confidence score: 52%
Category tags: abuse, access control, active scan, active scanning, asia, attack, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute-force, c2, china, command & control, command and control, communication protocol, compromised system, credential access, credential stuffing, data exfiltration, data store exposure, ddos, ddos attacks, decoy system, distributed attacks, exploitation activity, identity & access exploitation, indicator, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, malicious activity, malicious network activity, malicious software, malware, malware delivery, malware indicators, mirai botnet, network, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, network traffic analysis, password attacks, process injection, protocol exploitation, reconnaissance, researched, scan, scanner, security operations, security policy, service scan, t1021.002, t1040, t1046, t1055, t1056.001, t1059.001, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1573, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telnet threat, threat actor, threat intelligence, threat prevention, tor node, vulnerability scan

Activity Timeline

1 total obs
Apr 26

Threat Activity Heatmap

Peak: 2026-04-26
Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, signals a significant and ongoing threat to organizational security. With a risk score exceeding 50, it is strongly indicative of malicious activity, primarily associated with aggressive network scanning and potential botnet command and control operations. The presence of this IOC in network logs or security telemetry suggests an active attempt at reconnaissance, vulnerability exploitation, or integration into a hostile network infrastructure.…

Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 12
First seen: Jul 17, 2025
Last seen: Apr 26, 2026
Geolocation: CN
Country: China
Location: Shanghai, SH
ASN: AS17621
Org: CNC Group CHINA169 Shanghai Province Network
Coords: 31.0442, 121.4054

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw

inetnum: 58.247.54.96 - 58.247.54.103
netname: lilaiwangluo
country: cn
descr: lilaiwangluo
admin-c: YR194-AP
tech-c: YR194-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CNCGROUP-SH
last-modified: 2010-03-12T01:38:06Z
source: APNIC

person: yanling ruan
nic-hdl: YR194-AP
e-mail: [email protected]
address: No.900,Pudong Avenue,ShangHai,China
phone: +086-021-61201616
fax-no: +086-021-61201616
country: cn
mnt-by: MAINT-CNCGROUP-SH
last-modified: 2008-12-15T08:05:03Z
source: APNIC

route: 58.246.0.0/15
descr: CNC Group CHINA169 Shanghai Province Network
country: CN
origin: AS17621
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2008-09-04T07:54:34Z
source: APNIC

references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 11 months ago · Last seen 1 month ago
Appeared in 12 threat reports