IOC Radar
IPMediumSignal 40/100

61.147.171.3

Location
ChinaChina
Nanjing, Jiangsu
ASN
AS137702
Chinanet JS
First Seen
Jul 4, 2023
Last Seen
Jun 12, 2026
Jul 4
First Seen
1088d ago
Jun 12
Last Seen
14d ago
6
Reports
source reports
40%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryCNChina
RegionNanjing, Jiangsu
ASNAS137702
OrganizationChinanet JS

Feed Intelligence Summary

6 reports40% confidence
6
Source reports
40%
Confidence score
Category tags
active scanactive scanningapache http serverasiaaustraliaback orificebotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptsbrute-forcecgi exploitationchinacncommand and controlcommand injectioncommunication protocolcompromised hostcowrie honeypotcowrie interactionscredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedionaea honeypotdionaea interactionsdistributed attacksdnsdns attackdzs routersexploitexploit attemptsexploitation activityexploitation attemptsexploited hostfattfatt signaturesftpftp attacksftp brute forcegpon routershackinghoneytrap honeypothoneytrap interactionshttp probinghttp scannericmpidentity & access exploitationinbound scanindicatorindicators of compromiseinitial accessinjection activityinjection attacksinput validation bypassioclateral movementmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious softwaremalwaremalware analysismalware behaviourmalware capturemalware deliverymalware distributionnetgear routersnetworknetwork attacksnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork-based attack attemptsoceaniap0fp0f signaturespassword attackspath traversalphishingphishing attackphishing trapprocess injectionprotocol exploitationransomwarercerdp attacksreconnaissanceremote accessremote servicesresearchedresource hijackingrouter exploitationscannerscanning activitysensor-taggedsentrypeer botnetsentrypeer interactionsserver exploitationsmtpsmtp attackssmtp probingsmtp scanningsql injectionssh attackssh attacksssh monitoringsuricata alertssystembct-pott1005t1016t1018t1020t1021t1021.001t1040t1046t1053t1055t1059t1059.003t1059.004t1068t1071t1071.001t1076t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1486t1496t1497.001t1499.001t1499.002t1499.003t1505.002t1555t1563t1565t1571t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcp protocoltelecommunicationstelnet attackstelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedtor nodetpottsecvnc protocolvoipvoip attackweb application attackweb application exploitationweb trafficzgrab scanner

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
40
SIGNAL
Signal Score
40%
Confidence
6
Reports
First seenJul 4, 2023
Last seenJun 12, 2026
GeolocationCN
CountryChina
LocationNanjing, Jiangsu
ASNAS137702
OrgChinanet JS
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description
Observed making inbound scans on 2026-05-24 09:05:48
raw
inetnum: 61.147.0.0 - 61.147.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP mnt-by: MAINT-CHINANET mnt-lower: MAINT-CHINANET-JS mnt-routes: maint-chinanet-js status: ALLOCATED non-PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7343296754995343363-S-1A?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 14 days ago
Appeared in 6 threat reports