IOC Radar
IP · Medium · Signal 32/100

106.75.152.199

Location: Yangpu, Shanghai, China
ASN: AS136958 (Shanghai UCloud Information Technology Company Limited)
First Seen: Jul 16, 2025 (342d ago)
Last Seen: Jun 8, 2026 (15d ago)
Reports: 13 source reports
Confidence: 32% (medium)
Found in 13 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 32%
Signal Score: 32 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 57 techniques
Network Information

Country: CN (China)
Region: Yangpu, Shanghai
ASN: AS136958
Organization: Shanghai UCloud Information Technology Company Limited

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 13
Confidence score: 32%
Category tags

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap (12-month weekly grid, Jun through Jun) · Peak: 2026-06-08
Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 32
Confidence: 32%
Reports: 13
First seen: Jul 16, 2025
Last seen: Jun 8, 2026
Geolocation: CN
Country: China
Location: Yangpu, Shanghai
ASN: AS136958
Org: Shanghai UCloud Information Technology Company Limited
Coords: 31.2999, 121.5080
Category: Proxy

VirusTotal: Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:
inetnum: 106.75.0.0 - 106.75.255.255
netname: UCLOUD-NET
descr: Shanghai UCloud Information Technology Company Limited
country: CN
admin-c: JJ2197-AP
tech-c: JJ2197-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-UCLOUD-NET-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:56:50Z
source: APNIC

irt: IRT-UCLOUD-NET-CN
address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: JJ2197-AP
tech-c: JJ2197-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-01T00:41:22Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Jinhui Jia
e-mail: [email protected]
address: 510,SOHO B,Zhongguancun,Haidian, Beijing
phone: +86-13811069300
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: JJ2197-AP
last-modified: 2022-03-23T06:19:21Z
source: APNIC


IOC Journey

Confidence: medium
First detected 11 months ago · Last seen 15 days ago
Appeared in 13 threat reports