IOC Radar
IP · Medium Signal · 69/100

101.36.106.134

Location: Hong Kong, Kowloon, Hong Kong (HK)
ASN: AS135377 Ucloud Information Technology (hk) Limited
First Seen: Jan 4, 2024 (891d ago)
Last Seen: Jun 8, 2026 (5d ago)
Reports: 35 source reports
Confidence: 69% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context

Tags
MITRE ATT&CK TTPs: 97 techniques

Network Information

Country: HK (Hong Kong)
Region: Hong Kong, Kowloon
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

IP Category: Proxy (Proxy server)

Feed Intelligence Summary

35 source reports · 69% confidence score

Category tags

Activity Timeline

1 total observation (Jun 8 to Jun 8)

Threat Activity Heatmap

[Heatmap grid omitted: weekday rows Mon, Wed, Fri; month columns Jun through the following Jun; intensity scale Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 69 (Medium Risk)
Signal Score: 69%
Confidence: 35 reports
First seen: Jan 4, 2024
Last seen: Jun 8, 2026
Geolocation: HK
Country: Hong Kong
Location: Hong Kong, Kowloon
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 22.3193, 114.1690
Category: Proxy

VirusTotal: Not checked

WHOIS

Description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

Raw:
inetnum: 101.36.106.0 - 101.36.106.255
netname: UCLOUD-HK
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
country: HK
admin-c: UITH2-AP
tech-c: UITH2-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-UCLOUD-HK
mnt-irt: IRT-UCLOUD-HK
abuse-c: AU164-AP
last-modified: 2024-08-27T06:36:52Z
source: APNIC

irt: IRT-UCLOUD-HK
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
mnt-by: MAINT-UCLOUD-HK
last-modified: 2025-07-01T09:50:40Z
source: APNIC

role: ABUSE UCLOUDHK
country: ZZ
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: AU164-AP
remarks: Generated from irt object IRT-UCLOUD-HK
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-07-01T09:51:21Z
source: APNIC

role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
country: HK
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: UITH2-AP
notify: [email protected]
mnt-by: MAINT-UCLOUD-HK
last-modified: 2022-05-16T03:54:14Z
source: APNIC

route: 101.36.106.0/24
origin: AS135377
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2020-11-26T07:22:41Z
source: APNIC


IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 5 days ago
Appeared in 35 threat reports