IOC Radar
IP · Medium · Signal 53/100

106.75.13.68

Location
China
Yangpu, Shanghai
ASN
AS23724
Shanghai UCloud Information Technology Company Limited
First Seen
Feb 10, 2025
Last Seen
Jun 3, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network-layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context
Tags: listed under Category tags in the Feed Intelligence Summary below.
MITRE ATT&CK TTPs: 54 techniques (the t-codes in the tag list).
Network Information

Country: CN (China)
Region: Yangpu, Shanghai
ASN: AS23724
Organization: Shanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

17 source reports · 53% confidence score

Category tags
abuse, access, active scan, active scanning, adbhoney activity, adbhoney honeypot, asia, attack, authentication abuse, authentication attempts, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute_force, c2 server, china, cisco device, cisco exploit attempts, cisco_exploit, close, cn, command & control, command and control, communication protocol, compromised hosts, cowrie, cowrie activity, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie_attack, credential access, credential brute-forcing, credential harvesting, credential stuffing, credential_access, cta, data exfiltration, data store exposure, data theft, database security, ddos, decoy system, denial of service, device management, dionaea, dionaea activity, dionaea honeypot, dionaea interactions, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, enterprise networking, enumeration, exploit kit activity, exploitation, exploitation activity, exploited host, failed login attempts, ftp brute force, ftp scan, gecko, github, groups, hacking, hello, honeytrap honeypot, identity & access exploitation, indicator, initial access, initial_access, injection activity, intel mac, ioc, iot security, khtml, lamp, lamp exploit attempts, lamp exploitation attempts, lamp server attack, lamp stack targeting, lamp_exploit, lateral movement, lateral movement techniques, linux x8664, mailoney honeypot, malicious activity, malicious activity detected, malicious email, malicious login attempts, malicious software, malicious ssh activity, malware, malware behaviour, malware capture, malware distribution, malware hosting, mobile, mobile security, network, network infrastructure, network intrusion, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, os x, password attacks, password spraying, phishing, phishing attack, phishing trap, potential exploit attempts, potential intrusion, potential malware delivery, potential malware upload, process injection, python, ransomware, reconnaissance, remote access, researched, resource hijacking, scanner, scanning activity, script, scripting attacks, sentrypeer botnet, service scan, sftp access attempt, sftp activity, sftp attack, sftp_attack, shell access attempts, sip, sip brute force, sip enumeration, sip scan, sip vulnerability scanning, sip_attack, slug, social engineering, spam, ssh, ssh attack, ssh monitoring, ssh scan, ssh_bruteforce, surface web,
t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1053.005, t1055, t1059, t1059.001, t1059.004, t1059.007, t1064, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1588, t1589, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner interactions, targeting database, telecommunications, threat actor, threat detection, threat intelligence, tor node, ubuntu, unauthorized access, valid accounts, voip, voip attack, vulnerability scan, web application attack, web attack, web exploitation, web scanner, web spam, windows nt

Tags are aggregated verbatim from the source feeds. The 54 t-codes are the MITRE ATT&CK technique IDs counted above. Several other entries (hello, close, gecko, khtml, intel mac, os x, windows nt) appear to be tokens lifted from captured payloads, such as the EHLO argument in the Mailoney event below or User-Agent strings, rather than threat categories; do not read them as independent corroboration.

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

[weekly heatmap, Jun 2025 to Jun 2026; a single cell is populated] · Peak: 2026-06-03
Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 53 (Medium Risk)
Signal Score: 53 / 100 · Confidence: 53% (medium) · Reports: 17
First seen: Feb 10, 2025
Last seen: Jun 3, 2026
Geolocation: CN (China), Yangpu, Shanghai
ASN: AS23724, Shanghai UCloud Information Technology Company Limited
Coords: 34.7732, 113.7220

Note: the coordinates above do not fall in Shanghai (they are several hundred kilometres inland), so the page's own geolocation fields disagree; treat the city-level location as unverified. AS23724 is a public cloud provider's network, so the address may be a tenant instance that has changed hands between the first and last observation.

VirusTotal: Not checked

WHOIS

description (a feed event attached to the record, not WHOIS data)
2025-03-17T08:22:24.000Z Honeypot : Mailoney : Source: 106.75.13.68 : Port: 25 : Data: ehlo hello

raw
inetnum:        106.75.0.0 - 106.75.255.255
netname:        UCLOUD-NET
descr:          Shanghai UCloud Information Technology Company Limited
country:        CN
admin-c:        JJ2197-AP
tech-c:         JJ2197-AP
abuse-c:        AC1601-AP
status:         ALLOCATED PORTABLE
mnt-by:         MAINT-CNNIC-AP
mnt-irt:        IRT-UCLOUD-NET-CN
mnt-lower:      MAINT-CNNIC-AP
mnt-routes:     MAINT-CNNIC-AP
last-modified:  2023-11-28T00:56:50Z
source:         APNIC

irt:            IRT-UCLOUD-NET-CN
address:        2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
e-mail:         [email protected]
abuse-mailbox:  [email protected]
auth:           # Filtered
admin-c:        JJ2197-AP
tech-c:         JJ2197-AP
mnt-by:         MAINT-CNNIC-AP
last-modified:  2021-09-01T00:41:22Z
source:         APNIC

role:           ABUSE CNNICCN
country:        ZZ
address:        Beijing, China
phone:          +000000000
e-mail:         [email protected]
admin-c:        IP50-AP
tech-c:         IP50-AP
nic-hdl:        AC1601-AP
remarks:        Generated from irt object IRT-CNNIC-CN
abuse-mailbox:  [email protected]
mnt-by:         APNIC-ABUSE
last-modified:  2024-07-30T11:55:46Z
source:         APNIC

person:         Jinhui Jia
e-mail:         [email protected]
address:        510,SOHO B,Zhongguancun,Haidian, Beijing
phone:          +86-13811069300
country:        CN
mnt-by:         MAINT-CNNIC-AP
nic-hdl:        JJ2197-AP
last-modified:  2022-03-23T06:19:21Z
source:         APNIC

references
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://chiraba.com:8443/hourly
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
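The raw WHOIS block is RPSL text with its line breaks lost, and the field a responder actually needs, the abuse mailbox of the IRT that the range's mnt-irt points to, is buried in it. The following is an added example, not part of the record and not IOC Radar's code: it parses flattened or line-broken RPSL into objects and resolves inetnum -> mnt-irt -> irt, falling back to abuse-c -> role. The sample input is the page's inetnum, irt and role objects with the redacted e-mail addresses replaced by constructed example.net placeholders; the person object is omitted.

```python
"""Parse a flattened APNIC WHOIS dump into RPSL objects and find the abuse mailbox.

Added example, not IOC Radar's code. RAW is the page's inetnum/irt/role text
with e-mail addresses replaced by constructed example.net placeholders.
"""
import re

RAW = (
    "inetnum: 106.75.0.0 - 106.75.255.255 netname: UCLOUD-NET "
    "descr: Shanghai UCloud Information Technology Company Limited country: CN "
    "admin-c: JJ2197-AP tech-c: JJ2197-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE "
    "mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-UCLOUD-NET-CN mnt-lower: MAINT-CNNIC-AP "
    "mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:50Z source: APNIC "
    "irt: IRT-UCLOUD-NET-CN address: 2nd Floor 3rd Building No.200 EAST Guoding Road,"
    "Yangpu District,Shanghai e-mail: irt@example.net abuse-mailbox: irt-abuse@example.net "
    "auth: # Filtered admin-c: JJ2197-AP tech-c: JJ2197-AP mnt-by: MAINT-CNNIC-AP "
    "last-modified: 2021-09-01T00:41:22Z source: APNIC "
    "role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 "
    "e-mail: cnnic@example.net admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP "
    "remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: cnnic-abuse@example.net "
    "mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC"
)

# An RPSL attribute key: lowercase word, possibly hyphenated, then ':'.
# Matching only at start of text or after whitespace stops 'mnt-irt:' from
# also matching as 'irt:'. A value that itself contains 'word: ' (a long
# remarks line, say) would be split wrongly; the objects above have none.
ATTR = re.compile(r"(?:^|(?<=\s))([a-z][a-z0-9-]*):\s+")

# Class attributes open a new object; every other attribute joins the current one.
CLASS_KEYS = {"inetnum", "inet6num", "aut-num", "irt", "role", "person",
              "organisation", "mntner", "route", "route6"}


def parse_rpsl(text):
    """Return a list of objects, each an ordered list of (key, value) pairs."""
    hits = list(ATTR.finditer(text))
    objects, current = [], None
    for i, m in enumerate(hits):
        key = m.group(1)
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        value = text[m.end():end].strip()
        if key in CLASS_KEYS or current is None:
            current = []
            objects.append(current)
        current.append((key, value))
    return objects


def values(obj, key):
    """All values of a (possibly repeated) attribute on one object."""
    return [v for k, v in obj if k == key]


def index_by_handle(objects):
    """Map handles to objects: an irt is named by its own value, role/person by nic-hdl."""
    index = {}
    for obj in objects:
        cls, first = obj[0]
        handle = first if cls == "irt" else (values(obj, "nic-hdl") or [first])[0]
        index[handle] = obj
    return index


def find_abuse_mailbox(objects):
    """inetnum -> mnt-irt -> irt.abuse-mailbox, else inetnum -> abuse-c -> role.abuse-mailbox."""
    index = index_by_handle(objects)
    inetnum = next((o for o in objects if o[0][0] == "inetnum"), None)
    if inetnum is None:
        return None
    for ref_key in ("mnt-irt", "abuse-c"):
        for handle in values(inetnum, ref_key):
            target = index.get(handle)
            if target and values(target, "abuse-mailbox"):
                return values(target, "abuse-mailbox")[0]
    return None


if __name__ == "__main__":
    objs = parse_rpsl(RAW)
    for obj in objs:
        print(f"--- {obj[0][0]}: {obj[0][1]}")
        for k, v in obj[1:]:
            print(f"{k + ':':<16}{v}")
    print("report to:", find_abuse_mailbox(objs))
```

The IRT is tried before abuse-c because APNIC's incident-response convention is that mnt-irt names the team that handles abuse for the range, while abuse-c may resolve to a registry-generated role object (as the remarks line on ABUSE CNNICCN shows) rather than the operator.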

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
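The STIX 2.1 Bundle export above carries this record as an Indicator whose pattern is a comparison on an ipv4-addr. The following is an added example, not IOC Radar's exporter: it builds such a bundle from the values on this page with only the Python standard library, gives the ipv4-addr object the deterministic UUIDv5 id the STIX 2.1 specification defines for cyber-observables so repeated exports deduplicate, and includes a matcher for the one pattern shape it emits. The midnight-UTC first/last-seen timestamps (the page gives dates only), the "feed" source name, the "network-activity" label and the object name are assumptions made here.

```python
"""Emit a STIX 2.1 bundle for the IP indicator on this page (stdlib only).

Added example, not IOC Radar's code. Values are copied from the record above;
the timestamps, label and naming are assumptions made for the example.
"""
import json
import re
import uuid
from datetime import datetime, timezone
from ipaddress import ip_address

IOC_VALUE = "106.75.13.68"
FIRST_SEEN = "2025-02-10T00:00:00.000Z"   # page gives the day only; midnight UTC assumed
LAST_SEEN = "2026-06-03T00:00:00.000Z"
CONFIDENCE = 53                            # the page's heuristic score, as STIX confidence 0-100
REPORT_COUNT = 17
MISP_CATEGORY = "Network Activity"
REFERENCES = [
    "https://github.com/telekom-security/tpotce",
    "https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt",
    "https://chiraba.com:8443/hourly",
    "https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt",
]

# Namespace STIX 2.1 specifies for deterministic (UUIDv5) cyber-observable ids.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def stix_timestamp(dt=None):
    """RFC 3339 timestamp in UTC with millisecond precision, as STIX requires."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def build_ipv4_sco(value=IOC_VALUE):
    """ipv4-addr SCO; the id is UUIDv5 over the id-contributing property 'value'."""
    contributing = json.dumps({"value": value}, separators=(",", ":"))
    return {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": f"ipv4-addr--{uuid.uuid5(SCO_NAMESPACE, contributing)}",
        "value": value,
    }


def build_indicator(value=IOC_VALUE, created=None):
    """Indicator SDO whose pattern matches exactly this address."""
    created = created or stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "name": f"IOC Radar: {value}",                       # assumed naming
        "description": (f"Seen in {REPORT_COUNT} source reports, last {LAST_SEEN}. "
                        "Confidence is heuristic; verify before acting."),
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{value}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": FIRST_SEEN,
        "confidence": CONFIDENCE,
        "labels": ["network-activity"],                      # MISP category, as a free-form label
        "external_references": [{"source_name": "feed", "url": url} for url in REFERENCES],
    }


def build_bundle(value=IOC_VALUE, created=None):
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [build_indicator(value, created), build_ipv4_sco(value)],
    }


_SIMPLE_PATTERN = re.compile(r"^\[ipv4-addr:value = '([^']+)'\]$")


def pattern_matches(pattern, candidate):
    """Evaluate the single equality comparison this bundle emits.

    Full STIX patterning (ISSUBSET, AND/OR, temporal qualifiers) needs a real
    pattern engine; anything else is rejected rather than guessed at.
    """
    m = _SIMPLE_PATTERN.match(pattern)
    if not m:
        raise ValueError("unsupported pattern shape")
    return ip_address(m.group(1)) == ip_address(candidate)


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print(pattern_matches(bundle["objects"][0]["pattern"], IOC_VALUE))
```

Comparing through ipaddress rather than on strings means "106.075.013.068"-style variants do not slip past the matcher, and the confidence field travels with the indicator so a consumer can apply its own threshold instead of inheriting the page's "medium" verdict.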

IOC Journey

Confidence: medium · First detected 1 year ago · Last seen 11 days ago · Appeared in 17 threat reports