IPMediumSignal 100/100
106.75.171.12
Location
ChinaYangpu, Shanghai
ASN
AS136958
Shanghai UCloud Information Technology Company Limited
First Seen
May 21, 2024
Last Seen
Feb 15, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionYangpu, Shanghai
ASNAS136958
OrganizationShanghai UCloud Information Technology Company Limited
Feed Intelligence Summary
27 reports99% confidence
27
Source reports
99%
Confidence score
Category tags
abuseabuseipdbaccess controlack scanactive scanningagent teslaakamaialibabaandroidapacheapache attackerapi contactaptasiaattackauto-generated securitybeaconbeaconing activitybianlianbotnetbrute forcebrute force attackbrute_ratel_c4c2c2 communicationcertchinacncobaltcobalt strikecobalt-strikecobaltstrikecommand and controlcompromised systemconfigcredential accesscredential harvestingcredential stuffingctadata encryptiondata exfiltrationddosdeimosdistributed attackse-commerceenumerationeuropeextortionfeedfin scanfindfirewall detection probefraudglobalhackinghak5_cloud_c2havochuaweiindicatorindicators of compromiseinformation technologyinfrastructure acquisitionreconnaissanceiociocsiotjquerylateral movementlinkedin pagemalicious activitymalicious softwaremalwaremalware distributionmanualmasscan activitymedia & entertainmentmythicnanocore ratnetsupportratnetworknetwork enumerationnetwork reconnaissancenetwork scanningnetwork traffic analysisnmap scan detectednull scanos fingerprinting attemptpassword attackspayload deliveryphishingphishing attackphppossible vulnerability probingpost-exploitation activitypotential exploit targetingpotential reconnaissance activityprocess injectionprotectransomwareransomware feedratreconnaissancereconnaissance activityremcos trojanremote accessremote access trojanremote servicesresearchedrtbhscannersecurity operationssecurity policysentinel mispserverservice discoveryservice enumerationsliverslugsocial engineeringsocradarssh attackstealth scanstrongsurface websyn scansystem disruptiont1005t1016t1018t1021t1021.001t1027t1041t1046t1047t1049t1053t1055t1059t1059.001t1059.003t1068t1071t1071.001t1078t1083t1095t1105t1110.001t1110.002t1110.003t1110.004t1129t1133t1134t1190t1486t1490t1496t1499.002t1499.003t1543t1565t1566t1566.001t1566.002t1566.003t1569.002t1574t1587.001t1590.001t1595t1595.001t1595.002t1595.003telecommunicationthreat actorthreat feedthreat intelligencethreat preventionudp port scanunixvietnamxmas scan
Activity Timeline
Feb 15Feb 15
Threat Activity Heatmap
· Peak: 2026-02-15LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
27
Reports
First seenMay 21, 2024
Last seenFeb 15, 2026
GeolocationCN
CountryChina
LocationYangpu, Shanghai
ASNAS136958
OrgShanghai UCloud Information Technology Company Limited
Coords34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- CC=CN ASN=AS58466 chinanet guangdong province network
- raw
- inetnum: 106.75.0.0 - 106.75.255.255 netname: UCLOUD-NET descr: Shanghai UCloud Information Technology Company Limited country: CN admin-c: JJ2197-AP tech-c: JJ2197-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-UCLOUD-NET-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:50Z source: APNIC irt: IRT-UCLOUD-NET-CN address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai e-mail: [email protected] abuse-mailbox: [email protected] auth: # Filtered admin-c: JJ2197-AP tech-c: JJ2197-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-01T00:41:22Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Jinhui Jia e-mail: [email protected] address: 510,SOHO B,Zhongguancun,Haidian, Beijing phone: +86-13811069300 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: JJ2197-AP last-modified: 2022-03-23T06:19:21Z source: APNIC
- references
- https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/, https://threatfox.abuse.ch/export/csv/recent/, https://list.rtbh.com.tr/output.txt, https://x.com/drb_ra/status/1897901868891721804, https://x.com/drb_ra/status/1897901888273596628, https://x.com/drb_ra/status/1897901985111683083, https://x.com/drb_ra/status/1897902041424445799, https://x.com/drb_ra/status/1897902062374899911, https://x.com/drb_ra/status/1897902066271490139, https://x.com/drb_ra/status/1897902083820400875, https://x.com/drb_ra/status/1897902083380056406, https://x.com/drb_ra/status/1897902097279988165, https://x.com/drb_ra/status/1897902103286190430, https://x.com/drb_ra/status/1897902107102998924, https://x.com/drb_ra/status/1897902125268468135, https://x.com/drb_ra/status/1897902123850801304, https://x.com/drb_ra/status/1897902144394551647, https://x.com/drb_ra/status/1897902153986867709, https://x.com/drb_ra/status/1897902163533128132, https://x.com/drb_ra/status/1897902165110169794, https://x.com/drb_ra/status/1897902179773534261, https://x.com/drb_ra/status/1897902186404762035, https://x.com/drb_ra/status/1897902191093903705, https://x.com/drb_ra/status/1897902227634745479, https://x.com/drb_ra/status/1897902703730213024, https://x.com/drb_ra/status/1897918769663520867, https://x.com/drb_ra/status/1897969567067979903, https://x.com/drb_ra/status/1897969943829713396, https://x.com/drb_ra/status/1897969962846765346, https://x.com/drb_ra/status/1897969982652162266, https://x.com/drb_ra/status/1897970001623052501, https://x.com/drb_ra/status/1897970021701177733, https://x.com/drb_ra/status/1897970041619939602, https://x.com/drb_ra/status/1897970062214008918, https://x.com/drb_ra/status/1897970083143582095, https://x.com/drb_ra/status/1897970104282780094, https://x.com/drb_ra/status/1897970126382669984, https://x.com/drb_ra/status/1897970149233221894, https://x.com/drb_ra/status/1897970173174260112, https://x.com/drb_ra/status/1897970196574327182, https://x.com/drb_ra/status/1897970221387829682, https://x.com/drb_ra/status/1897972761059881239, https://x.com/drb_ra/status/1897972782576644493, https://x.com/drb_ra/status/1897972806568001539, https://x.com/drb_ra/status/1897972830421004478, https://x.com/drb_ra/status/1897972856899752066, https://x.com/drb_ra/status/1897972879322444148, https://x.com/drb_ra/status/1897972902995042464, https://x.com/drb_ra/status/1898042653859619096, https://x.com/drb_ra/status/1898056815893499988, https://x.com/drb_ra/status/1898056834868494451, https://x.com/drb_ra/status/1898083176956019209, https://x.com/drb_ra/status/1898083391032930673, https://x.com/drb_ra/status/1898083409978700236, https://x.com/drb_ra/status/1898083430904033462, https://x.com/drb_ra/status/1898083451930046741, https://x.com/drb_ra/status/1898083474344452285, https://x.com/drb_ra/status/1898083495710171273, https://x.com/drb_ra/status/1898083517222822042, https://x.com/drb_ra/status/1898084035391590637, https://x.com/drb_ra/status/1898084053653258509, https://x.com/drb_ra/status/1898084071881765215, https://x.com/drb_ra/status/1898120468931957230, https://x.com/drb_ra/status/1898120986500719041, https://x.com/drb_ra/status/1898121004896899327, https://x.com/drb_ra/status/1898121025466126375, https://x.com/drb_ra/status/1898121043690061920, https://x.com/drb_ra/status/1898121063294550458, https://x.com/drb_ra/status/1898141793801122104, https://x.com/drb_ra/status/1898141812436373521, https://x.com/drb_ra/status/1898141853175709971, https://x.com/drb_ra/status/1898141873522307349, https://x.com/drb_ra/status/1898141893864694214, https://x.com/drb_ra/status/1898141913649496495, https://x.com/drb_ra/status/1898141934847209605, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 3 months ago
Appeared in 27 threat reports