IOC Radar
IP · Medium · Signal 57/100

106.14.238.41

Location: China, Shanghai, Shanghai
ASN: AS37963 (Aliyun Computing Co., LTD)
First Seen: Sep 19, 2024 (645d ago)
Last Seen: Jun 17, 2026 (9d ago)
Reports: 9 source reports
Confidence: 57% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 71 techniques

Network Information
Country: CN (China)
Region: Shanghai, Shanghai
ASN: AS37963
Organization: Aliyun Computing Co., LTD

IP Category: Proxy (proxy server)

Feed Intelligence Summary
Source reports: 9
Confidence score: 57%
Category tags:
abuse, access control, account discovery, account profiling, account takeover, active scan, active scanning, application layer protocol, asia, attack, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication attempts, authentication brute force, authentication bypass, authentication failure, authentication-attempts, authentication_attempt, bad reputation, blacklist activity, blacklist check, blacklist hit, blacklist ip, blacklist ip activity, blacklist ip check, blacklisted ip activity, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute-force, china, cn, command and control, command execution, communication protocol, compromise attempt, cowrie, cowrie honeypot, credential access, credential attacks, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_attack, data encryption, data exfiltration, data store exposure, database attack, database attacks, database security, ddos, ddos attack, decoy system, denial of service, dhcp, dhcp abuse, dhcp attack, dhcp attacks, dhcp discovery, dhcp exploitation, dhcp request, dhcp scan, dhcp scanning, dionaea, dionaea honeypot, distributed attacks, elasticsearch, elasticsearch attack, elasticsearch attacks, elasticsearch brute force, elasticsearch bruteforce, elasticsearch enumeration, elasticsearch exploitation, elasticsearch exposure, elasticsearch scan, elasticsearch scanning, elasticsearch vulnerability scan, encryption, exploit, exploit public-facing application, exploitation activity, exploitation attempt, exploited host, exposed service, external remote services, fatt, ftp, ftp brute force, ftp brute-force, ftp bruteforce, generic port scanning, hacking, honeytrap honeypot, http scanner, identity & access exploitation, imap, imap attack, imap attacks, imap brute force, imap bruteforce, imap scanning, indicator, information gathering, infrastructure acquisition reconnaissance, initial access, injection activity, internet-facing service, iot security, iot targeted, ip-address, ipv4, kill-chain exploitation, kill-chain reconnaissance, lateral movement, ldap, ldap attack, ldap attacks,
ldap brute force, ldap bruteforce, ldap enumeration, ldap scan, ldap scanning, login attack, login brute force, low-risk, mailoney honeypot, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, manual, memcache brute force, memcache exploitation, memcache scan, memcache scanning, memcached amplification, memcached attack, memcached attacks, memcached brute force, memcached enumeration, memcached exposure, memcached scanning, mssql, mssql attack, mssql attacks, mssql brute force, mssql bruteforce, mssql exploitation, mssql scan, mssql scanning, network, network attacks, network discovery, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network monitoring, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network security monitoring, network service scanning, network traffic analysis, network-range, north america, ntp, ntp amplification, ntp attacks, ntp exploitation, ntp scan, ntp scanning, oceania, oracle, oracle attack, oracle attacks, oracle brute force, oracle bruteforce, oracle database, oracle exploitation, oracle scan, oracle scanning, osint, p0f, password attack, password attacks, password cracking, password_guessing, phishing, phishing attack, phishing trap, possible malicious activity, possible reconnaissance activity, postgres brute force, postgres bruteforce, postgres scanning, postgresql attack, postgresql attacks, postgresql brute force, potential botnet activity, potential malware infection, process injection, protocol exploitation, proxy, qhoneypot activity, rat, rdp alternative, reconnaissance, redis attacks, redis brute force, redis bruteforce, redis exploitation, redis scan, redis scanning, remote access, remote access attack, remote access attempt, remote access attempts, remote access protocol, remote access service, remote access software, remote access tooling, remote access trojan, remote services, remote-access, remote_access, research, researched, resource hijacking, rfb, rfb protocol, scan, scanner, scanning activity, security operations, security policy, sensor-tagged, sentrypeer botnet, server exploitation,
service enumeration, service scan, single ip source, single source ip, smb attacks, smb brute force, smb bruteforce, smb enumeration, smb exploitation, smb scan, smb scanning, smtp, snmp attacks, snmp enumeration, snmp exploitation, snmp scan, social engineering, socks5, socks5 attacks, socks5 proxy, socks5 proxy abuse, socks5 proxy activity, socks5 proxy attempt, socks5 proxy detection, socks5 proxy scan, socks5 scan, socks5 scanning, spam, sql injection, ssh, ssh attack, ssh bruteforce, ssh monitoring, ssh-brute, system access, system discovery, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1021.008, t1040, t1046, t1047, t1053, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1059.008, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1550, t1550.002, t1550.003, t1555, t1555.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1567, t1587.001, t1588, t1588.004, t1589, t1589.002, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet bruteforce, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, unauthorized access, unauthorized-access, united states, united states ip, us /32, us ip /32, us ip address, us ip space, us source, us source ip, us-origin, valid accounts, vnc, vnc attacks, vnc authentication, vnc bruteforce, vnc protocol, vnc scan, vnc scanning, voip, voip attack, vulnerability scan, web app attack, web application attack, web exploit, web exploitation, web spam, web traffic
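Added check, not part of the IOC Radar page or its tooling: the feed tags above are a merged vocabulary from several sensors and the t-codes are run together with everything else, so before mapping this indicator to ATT&CK it is worth pulling the technique IDs out and reconciling them with the "71 techniques" count. The TAG_RUN string is a constructed excerpt copied from the tag list above; the table of revoked IDs is the editor's knowledge of ATT&CK (T1076 and T1077 were folded into T1021.001 and T1021.002), not something the page states.

```python
import re
from collections import Counter

# Constructed excerpt of the run-together "Category tags" string above:
# only the ATT&CK portion and its immediate neighbours are reproduced.
TAG_RUN = (
    "system accesssystem discoveryt1016t1018t1021t1021.001t1021.002t1021.003"
    "t1021.004t1021.005t1021.006t1021.007t1021.008t1040t1046t1047t1053t1055"
    "t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1059.007t1059.008"
    "t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1083t1110"
    "t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1210t1486t1496"
    "t1499.001t1499.002t1499.003t1505.004t1550t1550.002t1550.003t1555"
    "t1555.003t1563t1565t1566.001t1566.002t1566.003t1567t1587.001t1588"
    "t1588.004t1589t1589.002t1590.001t1595t1595.001t1595.002t1595.003tanner"
    "targeting database"
)

# An ATT&CK ID is 't' + four digits with an optional '.' + three-digit
# sub-technique suffix. Digits are mandatory, so words such as "tanner"
# or "tpot" never match; "t1021t1021.001" splits into two IDs because the
# optional suffix only binds when a '.' follows.
TECH_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)

# IDs revoked and merged in later ATT&CK releases (editor's knowledge, not
# from the page). Feeds that never re-mapped old labels still emit them.
REVOKED = {"T1076": "T1021.001", "T1077": "T1021.002"}


def extract_techniques(tag_run):
    """Return normalised (upper-case) ATT&CK IDs, de-duplicated, in order."""
    seen = []
    for m in TECH_RE.finditer(tag_run):
        tid = "T" + m.group(1) + ("." + m.group(2) if m.group(2) else "")
        if tid not in seen:
            seen.append(tid)
    return seen


def summarise(techs):
    """Counts a practitioner wants before trusting a tag-derived TTP list."""
    parents = Counter(t.split(".")[0] for t in techs)
    return {
        "total": len(techs),
        "parents": len(parents),
        "subtechniques": sum(1 for t in techs if "." in t),
        # old IDs that should be re-mapped before they hit a Navigator layer
        "revoked": {t: REVOKED[t] for t in techs if t in REVOKED},
        # parents referenced only through a sub-technique, never tagged bare
        "sub_only_parents": sorted(p for p in parents if p not in techs),
    }


if __name__ == "__main__":
    techs = extract_techniques(TAG_RUN)
    print(len(techs), "techniques")
    for k, v in summarise(techs).items():
        print(f"{k}: {v}")
```

Running it against the excerpt gives 71 IDs, matching the page's count: 36 distinct parent techniques, 40 of the entries being sub-techniques, two revoked IDs still present, and five parents (T1499, T1505, T1566, T1587, T1590) that appear only through sub-techniques. The breadth of the list (phishing, ransomware, resource hijacking and reconnaissance side by side) is typical of aggregated honeypot feeds and says more about the sensors than about this IP; the one behaviour the page actually describes is VNC brute force.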

Activity Timeline
1 total observation (Jun 17 to Jun 17)

Threat Activity Heatmap
[Calendar heatmap, Jun through the following Jun, Mon/Wed/Fri rows; a single marked day. Peak: 2026-06-17]
Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 57 (Medium Risk, signal)
Signal Score: 57%
Confidence: 57%
Reports: 9
First seen: Sep 19, 2024
Last seen: Jun 17, 2026
Geolocation: CN (China), Shanghai, Shanghai
ASN: AS37963
Org: Aliyun Computing Co., LTD
Coords: 31.0442, 121.4054
IP Category: Proxy

VirusTotal: Not checked

WHOIS
Description: VNC brute force authentication activity
Raw:
inetnum: 106.14.0.0 - 106.15.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
descr: 5F, Builing D, the West Lake International Plaza of S&T
descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
country: CN
admin-c: ZM1015-AP
tech-c: ZM877-AP
tech-c: ZM876-AP
tech-c: ZM875-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-ALISOFT-CN
last-modified: 2023-11-28T00:56:50Z
source: APNIC

irt: IRT-ALISOFT-CN
address: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: ZM877-AP
tech-c: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-05T23:38:36Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Li Jia
address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
country: CN
phone: +86-0571-85022088
e-mail: [email protected]
nic-hdl: ZM1015-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:12:42Z
source: APNIC

person: Guoxin Gao
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022600
fax-no: +86-0571-85022600
e-mail: [email protected]
nic-hdl: ZM875-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2014-07-30T01:56:01Z
source: APNIC

person: security trouble
e-mail: [email protected]
address: 5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen'er Road
address: Hangzhou, Zhejiang, China
phone: +86-0571-85022600
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: ZM876-AP
last-modified: 2025-07-01T07:06:11Z
source: APNIC

person: Guowei Pan
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022088-30763
fax-no: +86-0571-85022600
e-mail: [email protected]
nic-hdl: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:05:46Z
source: APNIC

route: 106.14.238.0/24
descr: Alibaba (US) Technology Co., Ltd.
origin: AS37963
mnt-by: MAINT-CNNIC-AP
last-modified: 2020-06-28T00:09:08Z
source: APNIC

route: 106.14.238.0/24
descr: Alibaba (US) Technology Co., Ltd.
origin: AS45102
mnt-by: MAINT-CNNIC-AP
last-modified: 2020-06-28T00:08:33Z
source: APNIC

References:
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
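The page says to verify before acting. The first thing to verify is that the indicator really sits inside the allocation and the routed prefix the registry data claims, and that the ASN the page attributes to it matches a route origin. The block below is an added example by the editor, not IOC Radar's code; RAW_WHOIS is a constructed excerpt of the APNIC records above (the person and role objects are left out), and the function names are the editor's.

```python
import ipaddress

# Constructed excerpt of the APNIC records shown above: the inetnum and the
# two route objects for the covering /24. RPSL is "key: value" lines, one
# object per blank-line-separated block, and keys may repeat.
RAW_WHOIS = """\
inetnum: 106.14.0.0 - 106.15.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
country: CN
status: ALLOCATED PORTABLE
source: APNIC

route: 106.14.238.0/24
descr: Alibaba (US) Technology Co., Ltd.
origin: AS37963
source: APNIC

route: 106.14.238.0/24
descr: Alibaba (US) Technology Co., Ltd.
origin: AS45102
source: APNIC
"""


def parse_rpsl(text):
    """Split RPSL text into objects, each a list of (key, value) pairs so
    repeated attributes such as descr or tech-c are not lost."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip(), value.strip()))
    if current:
        objects.append(current)
    return objects


def first(obj, key):
    """First value for key in an RPSL object, or None."""
    return next((v for k, v in obj if k == key), None)


def check_indicator(ip_str, expected_asn, raw=RAW_WHOIS):
    """Confirm the IP lies in the inetnum, collect the route objects that
    cover it, and compare their origins with the ASN the report claims."""
    ip = ipaddress.ip_address(ip_str)
    result = {"inetnum_match": False, "routes": [],
              "asn_consistent": False, "multi_origin": False}
    for obj in parse_rpsl(raw):
        inetnum = first(obj, "inetnum")
        route = first(obj, "route")
        if inetnum:
            lo, _, hi = inetnum.partition("-")
            if ipaddress.ip_address(lo.strip()) <= ip <= ipaddress.ip_address(hi.strip()):
                result["inetnum_match"] = True
        elif route:
            net = ipaddress.ip_network(route, strict=False)
            if ip in net:
                result["routes"].append((str(net), first(obj, "origin")))
    origins = {origin for _, origin in result["routes"]}
    result["asn_consistent"] = expected_asn in origins
    # Two route objects with different origins for the same prefix is worth
    # knowing before writing an ASN-based rule.
    result["multi_origin"] = len(origins) > 1
    return result


if __name__ == "__main__":
    print(check_indicator("106.14.238.41", "AS37963"))
```

For this record the check passes: the IP is inside 106.14.0.0 - 106.15.255.255 and inside 106.14.238.0/24, and AS37963 is one of the origins. It also flags multi_origin, because the /24 carries route objects for both AS37963 and AS45102 (both Alibaba by their descr), so any ASN-keyed detection should accept either. The inetnum is a /15-sized cloud allocation; blocking it on the strength of one /32 hit would cut off unrelated Aliyun tenants, and a cloud address can be reassigned, so a block should target the /32 and expire relative to the last-seen date rather than live forever.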

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
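The page offers a STIX 2.1 bundle export. As an added illustration of what such an export carries for this record, the block below assembles the indicator and its observables from the fields shown on this page, using only the standard library. This is the editor's example, not IOC Radar's exporter: the site's actual object layout is not shown on the page. The first-seen timestamp is assumed to be midnight UTC because the page gives only a date; the SCO namespace UUID is the one the STIX 2.1 specification defines for deterministic observable IDs.

```python
import json
import uuid
from datetime import datetime, timezone

# Namespace the STIX 2.1 specification assigns for deterministic SCO ids.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Values taken from this page. first_seen assumes 00:00 UTC on the date shown.
IOC = {
    "value": "106.14.238.41",
    "description": "VNC brute force authentication activity",
    "first_seen": "2024-09-19T00:00:00Z",
    "confidence": 57,
    "asn": 37963,
    "as_name": "Aliyun Computing Co., LTD",
    "reference": "https://raw.githubusercontent.com/ahamed-rizvan/IOCs/"
                 "refs/heads/main/Malicous%20IP%20Address.txt",
}


def sco_id(sco_type, contributing):
    """Deterministic SCO id: uuid5 over the canonical JSON of the object's
    id-contributing properties, so the same IP yields the same id in every
    bundle and consumers can de-duplicate across feeds."""
    canonical = json.dumps(contributing, sort_keys=True, separators=(",", ":"))
    return f"{sco_type}--{uuid.uuid5(SCO_NAMESPACE, canonical)}"


def build_bundle(ioc, now=None):
    """Indicator (pattern + validity + confidence) plus the observables it
    describes. Domain objects get random uuid4 ids; SCOs get uuid5."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    asn = {
        "type": "autonomous-system", "spec_version": "2.1",
        "id": sco_id("autonomous-system", {"number": ioc["asn"]}),
        "number": ioc["asn"], "name": ioc["as_name"],
    }
    ipv4 = {
        "type": "ipv4-addr", "spec_version": "2.1",
        "id": sco_id("ipv4-addr", {"value": ioc["value"]}),
        "value": ioc["value"],
        "belongs_to_refs": [asn["id"]],
    }
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now, "modified": now,
        "name": f"Malicious IP {ioc['value']}",
        "description": ioc["description"],
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ioc['value']}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": ioc["first_seen"],
        # STIX confidence is 0-100, the same scale this page uses.
        "confidence": ioc["confidence"],
        "external_references": [{"source_name": "ioc-report", "url": ioc["reference"]}],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [indicator, ipv4, asn]}


def to_json(bundle):
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    print(to_json(build_bundle(IOC)))
```

Two choices are deliberate. valid_from is the first-seen date and no valid_until is set, which is right for an indicator seen nine days ago but means the consumer must apply its own expiry policy; a feed that sets valid_until from last-seen plus a grace period ages out dormant cloud IPs automatically. The ipv4-addr id is deterministic, so the same address exported by two different platforms collapses to one object when bundles are merged, which is the main reason to prefer uuid5 over random ids for observables.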

IOC Journey
Status: medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 9 threat reports