IOC Radar
IP · Medium · Signal 50/100

106.75.67.101

Location: Yangpu, Shanghai, China
ASN: AS23724 (Shanghai UCloud Information Technology Company Limited)
First Seen: May 23, 2024 (765d ago)
Last Seen: Jun 12, 2026 (14d ago)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: CN (China)
Region: Yangpu, Shanghai
ASN: AS23724
Organization: Shanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

21 source reports · 50% confidence score

Category tags: abuse, active scan, active scanning, alaska, american express, asia, attack, auto-generated security, bad reputation, bad web bot, blacklisted ip, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute-force, bruteforce, china, cisco device, cisco device targeting, citrix exploitation, citrix exploitation attempt, citrix security, cn, command and control, communication protocol, cowrie, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, database security, ddos, ddos attempt, decoy system, denial of service, device management, dionaea honeypot, dionaea malware collection, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, enterprise networking, enterprise security, exploit targeting, exploitation activity, exploitation of privilege, ftp attacks, ftp brute force, github, hacking, honeytrap honeypot, http brute force, http scanner, http scanning, https, https scanning, huawei, identity & access exploitation, indicator, information technology, infrastructure acquisitionreconnaissance, injection activity, intrusion detection, iot security, it infrastructure, lamp, lamp server probing, lamp server target, lamp stack targeting, lateral movement, login, mailoney honeypot, malicious activity, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malware, malware behaviour, malware capture, malware hosting, manual, nation-state activity, network, network activity, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network probing, network scanning, network security, north america, password attacks, phishing, phishing attack, phishing trap, possible malware probing, potential credential compromise, probing, process injection, protocol exploitation, python, ransomware, reconnaissance, reconnaissance activity, redis exploitation, redis honeypot, remote access, remote services, researched, resource hijacking, scanner, scripting attacks, security operations, sentrypeer activity, sentrypeer botnet, sftp, sftp access attempts, sftp attack, sip, sip brute force, sip scanning, slug, smb scanning, smtp, smtp attacker, smtp brute force, social engineering, socradar honeypot, software development, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.001, t1040, t1041, t1046, t1053, t1055, t1059, t1059.004, t1059.007, t1068, t1071.001, t1076, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1587.001, t1588, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunication, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, tor node, udp scan, unauthorized access attempts, unauthorized network activity, united states, unknown threat actor, us-ak, user enumeration, voip, voip attack, vulnerability scan, web, web app attack, web application attack, web attack, web exploitation, web scanner, web shell upload, web traffic, webscan, webscanner, westpac new zealand

Activity Timeline

1 total obs · Jun 12

Threat Activity Heatmap

Peak: 2026-06-12

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 50
Confidence: 50%
Reports: 21
First seen: May 23, 2024
Last seen: Jun 12, 2026
Geolocation: CN
Country: China
Location: Yangpu, Shanghai
ASN: AS23724
Org: Shanghai UCloud Information Technology Company Limited
Coords: 34.7732, 113.7220

VirusTotal

Not checked

WHOIS

references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 14 days ago
Appeared in 21 threat reports