IOC Radar
IPMediumSignal 54/100

106.75.8.149

Location
ChinaChina
Yangpu, Shanghai
ASN
AS23724
Shanghai UCloud Information Technology Company Limited
First Seen
Feb 12, 2025
Last Seen
Jun 6, 2026
Feb 12
First Seen
487d ago
Jun 6
Last Seen
7d ago
20
Reports
source reports
54%
Confidence
medium
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryCNChina
RegionYangpu, Shanghai
ASNAS23724
OrganizationShanghai UCloud Information Technology Company Limited

Feed Intelligence Summary

20 reports54% confidence
20
Source reports
54%
Confidence score
Category tags
abuseactive scanactive scanningasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackc2 serverchinacncommand & controlcommand and controlcommunication protocolcommunication technologiescompromised hostscowrie honeypotcowrie interactioncredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposuredata theftddosdecoy systemdenial of servicedionaea honeypotdistributed attacksexploit attemptsexploitation activityftp brute forcehoneytrap honeypothttp brute forceidentity & access exploitationindicatorinjection activityioclamplateral movementmailoney honeypotmalicious activitymalicious activity detectedmalicious payloadmalicious softwaremalicious ssh activitymalwaremalware behaviourmalware capturemalware distributionmalware propagationmalware scanningmobile carriersmobile networksnetworknetwork probingnetwork scanningnetwork securitynetwork service scanningnetwork traffic analysispassword attacksphishingphishing attackphishing trapprocess injectionransomwarereconnaissanceremote accessremote service exploitationremote servicesresearchedresource hijackingscannersentrypeer botnetservice scansftp access attemptsftp activitysftp attacksmtp brute forcesocial engineeringsocradar honeypotspamsql injection attemptsssh attackssh monitoringt1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1588t1595t1595.001t1595.002t1595.003tannertargeting databasetelecom servicestelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunauthorized accessvalid accountsvoipvoip attackvulnerability scanweb application attackweb exploitation

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
54
SIGNAL
Signal Score
54%
Confidence
20
Reports
First seenFeb 12, 2025
Last seenJun 6, 2026
GeolocationCN
CountryChina
LocationYangpu, Shanghai
ASNAS23724
OrgShanghai UCloud Information Technology Company Limited
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

raw
inetnum: 106.75.0.0 - 106.75.255.255 netname: UCLOUD-NET descr: Shanghai UCloud Information Technology Company Limited country: CN admin-c: JJ2197-AP tech-c: JJ2197-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-irt: IRT-UCLOUD-NET-CN mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP last-modified: 2023-11-28T00:56:50Z source: APNIC irt: IRT-UCLOUD-NET-CN address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai e-mail: [email protected] abuse-mailbox: [email protected] auth: # Filtered admin-c: JJ2197-AP tech-c: JJ2197-AP mnt-by: MAINT-CNNIC-AP last-modified: 2021-09-01T00:41:22Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Jinhui Jia e-mail: [email protected] address: 510,SOHO B,Zhongguancun,Haidian, Beijing phone: +86-13811069300 country: CN mnt-by: MAINT-CNNIC-AP nic-hdl: JJ2197-AP last-modified: 2022-03-23T06:19:21Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 20 threat reports