IPMediumSignal 46/100

`106.75.12.130`

Location

China

Yangpu, Shanghai

ASN

AS23724

Shanghai UCloud Information Technology Company Limited

First Seen

Feb 12, 2025

Last Seen

Jun 7, 2026

Feb 12

First Seen

486d ago

Jun 7

Last Seen

5d ago

Reports

source reports

46%

Confidence

medium

Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

46%

Signal Score

46 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

64 techniques

Network Information

Country

China

RegionYangpu, Shanghai

ASNAS23724

OrganizationShanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

17 reports46% confidence

Source reports

46%

Confidence score

Category tags

abuseaccessactive scanactive scanningadbhoney honeypotapplication layer protocolasiaattackauthentication attackautomated enumerationautomated reconnaissance activitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptsbrute force ftpbrute force sshbrute_forcec2 serverchinacisco deviceclosecncommand & controlcommand and controlcommunication protocolcompromised hostsconpot honeypotcowriecowrie activitycowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcredential_accessctadata exfiltrationdata exfiltration attemptdata harvesting attemptsdata store exposuredata theftdatabase attackdatabase probingdatabase securityddosdecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea honeypotdionaea interactionsdirectory traversaldistributed attackselasticpot honeypotelasticsearch monitoringemailenterprise networkingexploit attemptsexploit kit activityexploit probingexploitationexploitation activityexploited hostftp brute forceftp scanningftp_brute_forcegeckogithubgroupshackinghelloheralding activityhoneytrap activityhoneytrap honeypothttp brute forceics securityidentity & access exploitationimapindicatorindustrial control systemsinitial accessinjection activityintel maciociot device targetingiot securityiot/ics attackipphoney honeypotkhtmllamplamp exploitlamp exploitation attemptslamp stack targetinglateral movementlinux x8664mail service attackmailoney activitymailoney honeypotmalicious activitymalicious activity detectedmalicious code detectionmalicious email activitymalicious login attemptsmalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmalware hostingmalware propagationmalware scanningmobilemobile securitynetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service exploitationnetwork service scanningnetwork traffic analysisnetwork_intrusionnetwork_reconnaissanceos fingerprintingos xpassword attackspassword crackingpassword sprayingphishingphishing attackphishing trappossible exploit attemptspotential malware deliveryprocess injectionprotocol_enumerationpythonransomwarereconnaissanceredis exploitationredis honeypotremote accessremote servicesremote_accessresearchedresource hijackingscannerscanner detectionscanning activityscriptscripting attackssentrypeer activitysentrypeer botnetservice enumerationservice scansftpsftp activitysftp attacksftp exploitation attemptsshell access attemptssipsip brute forcesip enumerationsip scanningsip vulnerability scanningsip_attackslugsmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradar honeypotspamsql injection attemptssshssh attackssh monitoringssh_brute_forcesurface webt1016t1021t1021.001t1021.002t1021.004t1021.006t1021.007t1040t1041t1046t1047t1053t1053.005t1055t1059t1059.001t1059.004t1059.007t1064t1068t1071t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1588t1589t1590t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeubuntuunauthorized accessunauthorized access attemptunusual network trafficvoipvoip attackvulnerability scanweb application attackweb application scanningweb attackweb crawling detectionweb exploitationweb scannerweb spamwindows nt

Activity Timeline

1 total obs

Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

46%

Confidence

Reports

First seenFeb 12, 2025

Last seenJun 7, 2026

GeolocationCN

CountryChina

LocationYangpu, Shanghai

ASNAS23724

OrgShanghai UCloud Information Technology Company Limited

Coords31.2999, 121.5080

VirusTotal

Not checked

WHOIS

description: 2025-06-10T10:07:17.487Z Honeypot : ElasticPot : Source: 106.75.12.130 : Port: 9200 Event Type: Scan
raw: inetnum: 106.75.0.0 - 106.75.255.255 netname: UCLOUD-NET descr: Shanghai UCloud Information Technology Company Limited country: CN admin-c: JJ2197-AP tech-c: JJ2197-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-UCLOUD-NET-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:50Z source: APNIC irt: IRT-UCLOUD-NET-CN address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai e-mail: [email protected] abuse-mailbox: [email protected] auth: # Filtered admin-c: JJ2197-AP tech-c: JJ2197-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-01T00:41:22Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Jinhui Jia e-mail: [email protected] address: 510,SOHO B,Zhongguancun,Haidian, Beijing phone: +86-13811069300 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: JJ2197-AP last-modified: 2022-03-23T06:19:21Z source: APNIC
references: https://github.com/telekom-security/tpotce

`106.75.12.130`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy