IP · Medium · Signal 71/100
117.50.245.253
Location
Beijing, Beijing
ASN
AS23724
Shanghai UCloud Information Technology Company Limited
First Seen
Aug 26, 2025
Last Seen
Jun 5, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Network Information
Country
China
Region
Beijing, Beijing
ASN
AS23724
Organization
Shanghai UCloud Information Technology Company Limited
Feed Intelligence Summary
25
Source reports
71%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-05)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
High Risk
71
SIGNAL
Signal Score
71%
Confidence
25
Reports
First seen
Aug 26, 2025
Last seen
Jun 5, 2026
Geolocation
CN
Country
China
Location
Beijing, Beijing
ASN
AS23724
Org
Shanghai UCloud Information Technology Company Limited
Coords
39.9042, 116.4070
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected attempting to brute force TELNET on DigitalOcean Toronto (CA) honeypot
- raw:
  inetnum: 117.50.0.0 - 117.50.255.255
  netname: UCLOUD-NET
  descr: Shanghai UCloud Information Technology Company Limited
  country: CN
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-UCLOUD-NET-CN
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  last-modified: 2023-11-28T00:56:57Z
  source: APNIC

  irt: IRT-UCLOUD-NET-CN
  address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  auth: # Filtered
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-01T00:41:22Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  person: Jinhui Jia
  e-mail: [email protected]
  address: 510,SOHO B,Zhongguancun,Haidian, Beijing
  phone: +86-13811069300
  country: CN
  mnt-by: MAINT-CNNIC-AP
  nic-hdl: JJ2197-AP
  last-modified: 2022-03-23T06:19:21Z
  source: APNIC
IOC Journey
Medium · First detected 9 months ago · Last seen 10 days ago
Appeared in 25 threat reports