IOC Radar
IP · Medium · Signal 51/100

106.75.176.89

Location
China
Yangpu, Shanghai
ASN
AS136958
Shanghai UCloud Information Technology Company Limited
First Seen
Oct 30, 2023
Last Seen
Jun 9, 2026
First Seen: Oct 30 (969d ago)
Last Seen: Jun 9 (16d ago)
Reports: 15 source reports
Confidence: 51% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

52 techniques

Network Information

Country: CN (China)
Region: Yangpu, Shanghai
ASN: AS136958
Organization: Shanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

Source reports: 15
Confidence score: 51%
Category tags
abuse, access control, account compromise, active scan, active scanning, apt, asia, attack, australia, bad reputation, bad web bot, blacklisted ips, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute-force, c2 communication, canada, china, cloud infrastructure, cloud infrastructure attack, cloud provider, cloud services, cn, command & control, command and control, command execution, communication protocol, compromised host, config manipulation, cowrie honeypot, credential access, credential guessing, credential stuffing, cron injection, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, digital ocean, dionaea honeypot, distributed attacks, dns, dns attack, dns server, europe, exploit, exploit attempts, exploitation activity, exploited host, fatt, finland, france, fraud voip, ftp, ftp brute force, ftp brute-force, germany, hacking, honeynet connect, honeytrap honeypot, http botnet, http brute force, http scanner, identity & access exploitation, indicator, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot targeted, iot/ics attack, ipv4, irc botnet, lateral movement, login attempt, mailoney honeypot, malicious activity, malicious ip, malicious ips, malicious software, malware, malware behaviour, malware capture, malware distribution, mariadb, mirai, mirai botnet, module loading, network, network attacks, network enumeration, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, north america, oceania, p0f, password attack, password attacks, phishing, phishing attack, phishing trapping of death, poland, portscan, potential botnet activity, potential threat actor, process injection, protocol exploitation, rce, reconnaissance, remote access, remote services, researched, resource hijacking, scams & fraud, scan, scanner, scanners, scanning activity, security policy, sensor-tagged, sentrypeer botnet, server exploitation, service discovery, service scan, skype, slaveof, smb brute force, smtp, smtp brute force, spam, sql injection, ssh, ssh attack, ssh key injection, ssh monitoring, system access, t1016, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1068, t1071, t1071.001, t1071.002, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1136.001, t1187, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1563, t1565, t1573, t1573.001, t1574.001, t1589, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, toronto, tpot, udp, udp scan, unauthorized access attempt, united states, vnc protocol, voip, voip attack, vulnerability, vulnerability scan, web app attack, web application attack, web exploit, web exploitation, web spam, web traffic

Activity Timeline

1 total observation · Jun 9 to Jun 9

Threat Activity Heatmap

Peak: 2026-06-09
[Heatmap grid: monthly columns Jun through Jun, rows Mon/Wed/Fri; only the peak date above is recoverable as text]
Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 51 (Medium Risk)
Signal Score: 51
Confidence: 51%
Reports: 15
First seen: Oct 30, 2023
Last seen: Jun 9, 2026
Geolocation: CN
Country: China
Location: Yangpu, Shanghai
ASN: AS136958
Org: Shanghai UCloud Information Technology Company Limited
Coords: 34.7732, 113.7220

VirusTotal

VirusTotal: Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot

raw:
inetnum: 106.75.0.0 - 106.75.255.255
netname: UCLOUD-NET
descr: Shanghai UCloud Information Technology Company Limited
country: CN
admin-c: JJ2197-AP
tech-c: JJ2197-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-UCLOUD-NET-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:56:50Z
source: APNIC

irt: IRT-UCLOUD-NET-CN
address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: JJ2197-AP
tech-c: JJ2197-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-01T00:41:22Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Jinhui Jia
e-mail: [email protected]
address: 510,SOHO B,Zhongguancun,Haidian, Beijing
phone: +86-13811069300
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: JJ2197-AP
last-modified: 2022-03-23T06:19:21Z
source: APNIC

references:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 16 days ago
Appeared in 15 threat reports