IP · Medium · Signal 71/100
106.54.176.158
Location
Shanghai, Shanghai
ASN
AS45090
Tencent cloud computing (Beijing) Co., Ltd.
First Seen
Jun 30, 2024
Last Seen
May 31, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Network Information
Country
China
Region: Shanghai, Shanghai
ASN: AS45090
Organization: Tencent cloud computing (Beijing) Co., Ltd.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
25 reports · 71% confidence
25
Source reports
71%
Confidence score
Category tags
Activity Timeline
May 31
Threat Activity Heatmap · Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 71
Confidence: 71%
Reports: 25
First seen: Jun 30, 2024
Last seen: May 31, 2026
Geolocation: CN
Country: China
Location: Shanghai, Shanghai
ASN: AS45090
Org: Tencent cloud computing (Beijing) Co., Ltd.
Coords: 34.7732, 113.7220
Proxy
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 106.52.0.0 - 106.54.255.255
  netname: TencentCloud
  descr: Tencent cloud computing (Beijing) Co., Ltd.
  descr: Floor 6, Yinke Building,38 Haidian St,
  descr: Haidian District Beijing
  country: CN
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  mnt-irt: IRT-TencentCloud-CN
  last-modified: 2022-01-17T08:58:21Z
  source: APNIC

  irt: IRT-TencentCloud-CN
  address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  address: District of Hi-tech Park, Shenzhen
  e-mail: [email protected]
  admin-c: JT1125-AP
  tech-c: JX1747-AP
  abuse-mailbox: [email protected]
  remarks: [email protected] was validated on 2025-10-29
  remarks: [email protected] was validated on 2025-10-29
  auth: # Filtered
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-11-18T00:34:40Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  remarks: [email protected] is invalid
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-09-19T17:20:32Z
  source: APNIC

  person: James Tian
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-84952
  e-mail: [email protected]
  nic-hdl: JT1125-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2024-03-19T08:21:31Z
  source: APNIC

  person: Jimmy Xiao
  address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  address: District of Hi-tech Park, Shenzhen
  country: CN
  phone: +86-755-86013388-80224
  e-mail: [email protected]
  nic-hdl: JX1747-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-17T00:38:09Z
  source: APNIC

  route: 106.52.0.0/14
  descr: Shenzhen Tencent Computer Systems Company Limited
  country: CN
  origin: AS45090
  notify: [email protected]
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2019-04-18T03:50:02Z
  source: APNIC
- references
- https://purplesynapz.com/, https://redpiranha.net, https://github.com/telekom-security/tpotce, Bruteforce ips, https://jamesbrine.com.au/bruteforce-ip-list-2026-01-14/, https://jamesbrine.com.au
IOC Journey
medium · First detected 2 years ago · Last seen 26 days ago
Appeared in 25 threat reports