IOC Radar
IP · Medium · Signal 65/100

106.75.215.144

Location: Yangpu, Shanghai, China
ASN: AS17621 (Shanghai UCloud Information Technology Company Limited)
First Seen: Dec 25, 2024 (550d ago)
Last Seen: Apr 15, 2026 (74d ago)
Reports: 12 source reports
Confidence: 65% (medium)
Found in 12 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 42 techniques

Network Information

Country: CN (China)
Region: Yangpu, Shanghai
ASN: AS17621
Organization: Shanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

Source reports: 12
Confidence score: 65%

Category tags:
active scan, active scanning, apt, asia, asyncrat, bianlian, botnet, botnet activity, brute force, c2, censys, china, cobaltstrike, command & control, command and control, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, dcrat, distributed attacks, drb-ra, encryption, exploitation activity, extortion, hacking, hak5_cloud_c2, havoc, identity & access exploitation, indicator, infrastructure acquisition, reconnaissance, injection activity, malicious software, malware, manual, mythic, netsupportrat, network, phishing, phishing attack, process injection, qakbot, ransomware, reconnaissance, remcos trojan, remote access, remote services, researched, reverse_ssh, scanner, self-signed, shodan, sliver, social engineering, social media exploitation, supershell, system disruption, t1005, t1016, t1021, t1021.001, t1027, t1036, t1047, t1053, t1055, t1059, t1059.003, t1068, t1071, t1071.001, t1078, t1083, t1105, t1190, t1204, t1486, t1490, t1496, t1499.002, t1499.003, t1547, t1565, t1566, t1566.001, t1566.002, t1566.003, t1572, t1583, t1584, t1587.001, t1588, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598, threat actor, tor node, unknown malware

Activity Timeline

1 total observation (Apr 15)

Threat Activity Heatmap

[calendar heatmap, Jun through Jun, weekday rows Mon/Wed/Fri; one observed day] · Peak: 2026-04-15
Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Signal Score: 65
Confidence: 65%
Reports: 12
First seen: Dec 25, 2024
Last seen: Apr 15, 2026
Geolocation: CN
Country: China
Location: Yangpu, Shanghai
ASN: AS17621
Org: Shanghai UCloud Information Technology Company Limited
Coords: 34.7732, 113.7220

VirusTotal

Not checked

WHOIS

Description: ip:port combination that delivers a malware payload

Raw:
inetnum: 106.75.0.0 - 106.75.255.255
netname: UCLOUD-NET
descr: Shanghai UCloud Information Technology Company Limited
country: CN
admin-c: JJ2197-AP
tech-c: JJ2197-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-UCLOUD-NET-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:56:50Z
source: APNIC

irt: IRT-UCLOUD-NET-CN
address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: JJ2197-AP
tech-c: JJ2197-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-01T00:41:22Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Jinhui Jia
e-mail: [email protected]
address: 510,SOHO B,Zhongguancun,Haidian, Beijing
phone: +86-13811069300
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: JJ2197-AP
last-modified: 2022-03-23T06:19:21Z
source: APNIC
References:
https://threatfox.abuse.ch/export/csv/recent/, https://x.com/drb_ra/status/1910148738238054618, https://x.com/drb_ra/status/1910222573872284010, https://x.com/drb_ra/status/1910222598555791704, https://x.com/drb_ra/status/1910222624833090030, https://x.com/drb_ra/status/1910222648249823375, https://x.com/drb_ra/status/1910223168997896487, https://x.com/drb_ra/status/1910223189940019501, https://x.com/drb_ra/status/1910223210899009772, https://x.com/drb_ra/status/1910223232046612770, https://x.com/drb_ra/status/1910223253550801021, https://x.com/drb_ra/status/1910223275159937220, https://x.com/drb_ra/status/1910223296173387977, https://x.com/drb_ra/status/1910223317396500959, https://x.com/drb_ra/status/1910223338535891048, https://x.com/drb_ra/status/1910223370530025889, https://x.com/drb_ra/status/1910223402335416334, https://x.com/drb_ra/status/1910223428923142243, https://x.com/drb_ra/status/1910223456081228153, https://x.com/drb_ra/status/1910223479460274522, https://x.com/drb_ra/status/1910223504219263198, https://x.com/drb_ra/status/1910223528525254947, https://x.com/drb_ra/status/1910224046899319245, https://x.com/drb_ra/status/1910224065631056223, https://x.com/drb_ra/status/1910242292251664433, https://x.com/drb_ra/status/1910283271977460203, https://x.com/drb_ra/status/1910283291271327953, https://x.com/drb_ra/status/1910283309977907389, https://x.com/drb_ra/status/1910283327656894895, https://x.com/drb_ra/status/1910283345998528679, https://x.com/drb_ra/status/1910283365506297867, https://x.com/drb_ra/status/1910287422606242092, https://x.com/drb_ra/status/1910287440805245424, https://x.com/drb_ra/status/1910287458790482197, https://x.com/drb_ra/status/1910287477320843603, https://x.com/drb_ra/status/1910287496388260190, https://x.com/drb_ra/status/1910403813460078602, https://x.com/drb_ra/status/1910403831260684574, https://x.com/drb_ra/status/1910403848407240758, https://x.com/drb_ra/status/1910403866161471601, 
https://x.com/drb_ra/status/1910404383302430738, https://x.com/drb_ra/status/1910404401082360188, https://x.com/drb_ra/status/1910404419058819434, https://x.com/drb_ra/status/1910404437455077693, https://x.com/drb_ra/status/1910404456585498790, https://x.com/drb_ra/status/1910404475208294614, https://x.com/drb_ra/status/1910404494682448186, https://x.com/drb_ra/status/1910404515649511442, https://x.com/drb_ra/status/1910404536574869757, https://x.com/drb_ra/status/1910404558561362245, https://x.com/drb_ra/status/1910404579415511478, https://x.com/drb_ra/status/1910404601183895801, https://x.com/drb_ra/status/1910404622084170174, https://x.com/drb_ra/status/1910404642879455664, https://x.com/drb_ra/status/1910404666128560450, https://x.com/drb_ra/status/1910404687083294964, https://x.com/drb_ra/status/1910404708620972467, https://x.com/drb_ra/status/1910404730201002244, https://x.com/drb_ra/status/1910404751340064975, https://x.com/drb_ra/status/1910404772412452915, https://x.com/drb_ra/status/1910404792981348787, https://x.com/drb_ra/status/1910405311867097514, https://x.com/drb_ra/status/1910405331232186577, https://x.com/drb_ra/status/1910405352404766782, https://x.com/drb_ra/status/1910405373129064764, https://x.com/drb_ra/status/1910405394700394935, https://x.com/drb_ra/status/1910405416669892646, https://x.com/drb_ra/status/1910424181424177566, https://x.com/drb_ra/status/1910424200130478579, https://x.com/drb_ra/status/1910424220007309729

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports