Check an IP Address, Domain Name, Subnet, or ASN

117.139.231.194 was found in our database!

$ whois 117.139.231.194

country·🇨🇳 China

city·Chengdu

isp·China Mobile Communications Group Co., Ltd.

asn·AS9808

network·Standard

$ sikker risk 117.139.231.194scoring →

confidence

100%Very High

first_seen·Mar 31, 2026

last_seen·17d ago

sessions·301

events·301

$ sikker protocols 117.139.231.194

MYSQL

301 / 301

$ sikker summary 117.139.231.194

117.139.231.194 has a threat confidence score of 100%. This IP address from China (AS9808, China Mobile Communications Group Co., Ltd.) has been observed in 301 honeypot sessions targeting MYSQL protocols. Detected attack patterns include mysql udf exiles exe staged execution. First observed on March 31, 2026, most recently active April 1, 2026.

$ sikker behaviors 117.139.231.194catalog →

very_highMysql Udf Exiles Exe Staged Execution89x

Sequence where a MySQL UDF is created from a shared library (multiple variants observed), followed by invocation of functions such as downloader/xpdl3 to retrieve the exiles.exe payload and write it to a Windows path. Includes prior environment probing via SELECT @@version_comment.

$ sikker primitives 117.139.231.194

$ sikker related 117.139.231.194

🇨🇳·More threats fromChina→AS·More threats fromChina Mobile Communications Group Co., Ltd.→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
112.46.214.100	83%	3,451
112.46.212.35	95%	132
36.137.1.141	94%	1,062
112.46.213.197	96%	4,988
112.46.212.211	85%	2,800

IP Address	Confidence	Events
120.194.67.234	95%	1,480
118.190.113.81	83%	5,618
119.3.124.126	89%	75
36.212.176.143	94%	634
115.190.72.7	93%	403