IP · Medium · Signal 85/100
106.75.76.180
Location
Yangpu, Shanghai
ASN
AS23724
Shanghai UCloud Information Technology Company Limited
First Seen
Jun 18, 2025
Last Seen
Dec 5, 2025
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Network Information
Country
China
Region
Yangpu, Shanghai
ASN
AS23724
Organization
Shanghai UCloud Information Technology Company Limited
Feed Intelligence Summary
18 source reports · 85% confidence score
Category tags
abuse, access control, active scanning, adbhoney honeypot, antispam, asia, attack, authentication failure, back orifice traffic, botnet, brute force, brute force attack, brute force attempt, brute force attempts, c2 server, china, cisco device, command and control, communication protocol, compromised hosts, cowrie honeypot, credential access, credential stuffing, data exfiltration, data theft, database attack, ddos, ddos attacks, decoy system, device management, dionaea honeypot, distributed attacks, enterprise networking, ftp brute force, hacking, honeytrap honeypot, http scanning, https scanning, indicator, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, lamp, lamp stack attack, log4j, malaysia, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, malware distribution, mirai botnet, netgear dgn1000 rce, network, network attacks, network infrastructure, network intrusion, network probing, network scanning, network security, network service scanning, network traffic analysis, password attacks, possible botnet activity, process injection, protocol exploitation, rce, reconnaissance, remote access, remote services, researched, resource hijacking, scan, scanner, scanning activity, scripting attacks, security policy, sentrypeer botnet, sftp attack, socradar honeypot, sora botnet, spam, ssh attack, ssh monitoring, systembc botnet, t-pot, t1021, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1056.001, t1059, t1059.001, t1059.007, t1071, t1071.001, t1078, t1078.002, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566, t1573, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tpot, traceroute activity, unauthorized access, voip, voip attack, web attack, web exploitation, zgrab scanner
Activity Timeline
Dec 5
Threat Activity Heatmap · Peak: 2025-12-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
85 (High Risk)
Coords
31.2999, 121.5080
VirusTotal
Not checked
WHOIS
- description
- Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
- raw
  inetnum: 106.75.0.0 - 106.75.255.255
  netname: UCLOUD-NET
  descr: Shanghai UCloud Information Technology Company Limited
  country: CN
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-UCLOUD-NET-CN
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  last-modified: 2023-11-28T00:56:50Z
  source: APNIC

  irt: IRT-UCLOUD-NET-CN
  address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  auth: # Filtered
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-01T00:41:22Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  person: Jinhui Jia
  e-mail: [email protected]
  address: 510,SOHO B,Zhongguancun,Haidian, Beijing
  phone: +86-13811069300
  country: CN
  mnt-by: MAINT-CNNIC-AP
  nic-hdl: JJ2197-AP
  last-modified: 2022-03-23T06:19:21Z
  source: APNIC
IOC Journey
medium · First detected 1 year ago · Last seen 6 months ago
Appeared in 18 threat reports