IPMediumSignal 75/100
106.75.68.187
Location
ChinaYangpu, Shanghai
ASN
AS23724
Shanghai UCloud Information Technology Company Limited
First Seen
Apr 8, 2025
Last Seen
Mar 31, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionYangpu, Shanghai
ASNAS23724
OrganizationShanghai UCloud Information Technology Company Limited
Feed Intelligence Summary
13 reports75% confidence
13
Source reports
75%
Confidence score
Category tags
abuseactive scanactive scanningasiaattackaustraliaauthenticationauthentication attackauthentication attemptsbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptchinacommand and controlcompromised credentialscowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposuredecoy systemdistributed attackseuropeexploitexploitation activityexternal attackfail2ban alertfail2ban triggeredfailed loginftp brute forceidentity & access exploitationindicatorinitial accessinjection activitylateral movementlogin attackmalicious activitymalicious payloadmalicious softwaremalwarenetworknetwork intrusionnetwork probingnetwork scanningnetwork service scanningoceaniapassword attackpassword attacksprocess injectionransomwarereconnaissanceremote accessremote service exploitationremote service interactionresearchedresource developmentscannerscanning activityservice scansftp attackssh attackssh monitoringt1005t1018t1021t1021.004t1040t1041t1046t1055t1059t1059.004t1068t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195.002t1203t1486t1496t1499.002t1499.003t1565t1589t1589.002t1595t1595.001t1595.002t1595.003threat actorthreat intelligencetor nodetpotceunauthorized accessunited kingdomvalid accountsvulnerabilityvulnerability scanweb brute force
Activity Timeline
Mar 31Mar 31
Threat Activity Heatmap
· Peak: 2026-03-31LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
75
SIGNAL
Signal Score
75%
Confidence
13
Reports
First seenApr 8, 2025
Last seenMar 31, 2026
GeolocationCN
CountryChina
LocationYangpu, Shanghai
ASNAS23724
OrgShanghai UCloud Information Technology Company Limited
Coords34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- Host bruteforcing SSH
- raw
- inetnum: 106.75.0.0 - 106.75.255.255 netname: UCLOUD-NET descr: Shanghai UCloud Information Technology Company Limited country: CN admin-c: JJ2197-AP tech-c: JJ2197-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-UCLOUD-NET-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:50Z source: APNIC irt: IRT-UCLOUD-NET-CN address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai e-mail: [email protected] abuse-mailbox: [email protected] auth: # Filtered admin-c: JJ2197-AP tech-c: JJ2197-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-01T00:41:22Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Jinhui Jia e-mail: [email protected] address: 510,SOHO B,Zhongguancun,Haidian, Beijing phone: +86-13811069300 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: JJ2197-AP last-modified: 2022-03-23T06:19:21Z source: APNIC
- references
- https://redpiranha.net, https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports