IP · Medium · Signal 100/100
42.240.133.45
Location
Beijing, Beijing
ASN
AS136958
Shanghai UCloud Information Technology Company Limited
First Seen
Dec 25, 2024
Last Seen
Feb 23, 2026
Found in 18 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Beijing, Beijing
ASN
AS136958
Organization
Shanghai UCloud Information Technology Company Limited
Feed Intelligence Summary
18 reports · 99% confidence
Category tags
Activity Timeline
Feb 23
Threat Activity Heatmap
Peak: 2026-02-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
High Risk
Coords
34.7732, 113.7220
VirusTotal
Not checked
WHOIS
- description
- CC=CN ASN=AS58466 CHINANET Guangdong province network
- raw
- inetnum: 42.240.128.0 - 42.240.255.255
  netname: UCLOUD-NET
  descr: Shanghai UCloud Information Technology Company Limited
  country: CN
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-irt: IRT-UCLOUD-NET-CN
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  last-modified: 2023-11-28T00:57:54Z
  source: APNIC

  irt: IRT-UCLOUD-NET-CN
  address: 2nd Floor 3rd Building No.200 EAST Guoding Road,Yangpu District,Shanghai
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  auth: # Filtered
  admin-c: JJ2197-AP
  tech-c: JJ2197-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2021-09-01T00:41:22Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  person: Jinhui Jia
  e-mail: [email protected]
  address: 510,SOHO B,Zhongguancun,Haidian, Beijing
  phone: +86-13811069300
  country: CN
  mnt-by: MAINT-CNNIC-AP
  nic-hdl: JJ2197-AP
  last-modified: 2022-03-23T06:19:21Z
  source: APNIC
IOC Journey
medium · First detected 1 year ago · Last seen 3 months ago
Appeared in 18 threat reports