IOC Radar
IP · Medium · Signal 64/100

101.36.114.198

Location
Korea, Republic of
Seoul, Seoul
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen: Aug 31, 2023 (1017 days ago)
Last Seen: Jun 3, 2026 (10 days ago)
Reports: 36 source reports
Confidence: 64% (medium)

Found in 36 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 89 techniques (the T-numbered technique IDs are listed among the category tags below, not as a separate table)

Network Information

Country: KR (Korea, Republic of)
Region: Seoul, Seoul
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

IP Category

Proxy (proxy server). A proxy address is shared egress: the activity reported against it can originate from many unrelated clients, so a block on this IP can have collateral impact beyond the scanner that triggered the reports.

Feed Intelligence Summary

36 source reports · 64% confidence score
Category tags
abuse; access control; account compromise; account security; active portscan; active scan; active scanning; adbhoney activity; adbhoney honeypot; administrative access; apache; apache attacker; apt; asia; asset discovery; atif feed; attack; attack attempt; attack surface discovery; attack vectors; attacker infrastructure identification; australia; authentication attack; authentication attacks; authentication attempts; auto-generated security; automated attack; automated attack blocking; automated attacks; automated threat; automated-attack

bad reputation; bad web bot; banking; banlist feed; binary defense; blacklist candidate; blacklist ip; block list; blocklist_all; botnet; botnet activity; brute force; brute force attack; brute force attacker; brute force attacks; brute force attempt; brute force attempts; brute-force; brute-force attack; brute_force; brute_force_attack

c&c; c2; c2 communication; canada; cert; china mobile; cisco device; cisco vulnerability exploitation; citrix security; cloud environment; cloud infrastructure; cloud infrastructure attack; cloud infrastructure target; cloud services; code execution; columns; command & control; command and control; command execution; command injection; command injection attempt; communication protocol; communication technologies; company limited; compromise attempt; compromised host; compromised hosts; compromised systems; conpot activity; conpot honeypot; cowrie; cowrie activity; cowrie attacks; cowrie honeypot; cowrie interactions; cowrie ssh attack; cowrie ssh attacks; cowrie ssh honeypot; credential access; credential attack; credential attacks; credential brute force; credential brute-forcing; credential compromise; credential guessing; credential harvesting; credential stuffing; credential-access; credential-stuffing; credential_access; credit card services; cta; cyberattack

data encryption; data exfiltration; data store exposure; database attack; database attacks; database exploit attempts; database security; ddos; ddos attack; ddos attacks; decoy system; denial of service; device management; digital ocean; dionaea; dionaea activity; dionaea attacks; dionaea honeypot; dionaea interactions; dionaea malware samples; dionaea payloads; directory traversal attempt; distributed attacks; dns; dns attack

elasticpot honeypot; elasticsearch monitoring; encryption; enterprise networking; enterprise security; enumeration; europe; exploit; exploit attempt; exploit attempts; exploit probing; exploitation; exploitation activity; exploitation attempt; exploitation attempts; exploitation of privilege; exploited host; exposed services; external access attempts; external attack; external scan; external scanning; external threat; external_threat

failed login attempts; fatt; fatt analysis; fatt detections; fatt signatures; file; fin scan; finance; financial services; financial technology; finland; firewall_block; france; fraud voip; ftp; ftp attacks; ftp brute force; ftp brute-force; ftp scan; ftp_scan

germany; hacking; hk abuse; handler; honeynet connect; honeytrap activity; honeytrap events; honeytrap exploit attempts; honeytrap honeypot; honeytrap interactions; hong kong; http brute force; http probing; http scan; http scanner; http scanning; http/s; http_scan; https

icmp; ics security; identity & access exploitation; imap; imap attack; inbound scan; indicator; indicators of compromise; industrial control systems; information gathering; infrastructure acquisition; reconnaissance; infrastructure reconnaissance; infrastructure scanning; initial access; initial access preparation; initial_access; injection activity; injection attacks; internal scan; internet background noise; internet exposed; internet facing assets; internet of things; internet wide scan; internet-facing; internet-facing assets; internet-facing service; internet-wide monitoring; internet-wide observation; internet-wide scan; internet_scan; internet_wide_scan; intrusion detection; ioc; iocs; iot botnet; iot security; iot targeted; iot/ics attack; ipphoney honeypot; ipv4; ipv4 address; ipv4 addresses; ipv4 indicators; ipv4 port scanning; ipv4 scanning; ipv4_address; ipv4_scanning

japan; korea (the republic of); korea, republic of; kr

lamp; lamp attack; lamp attacks; lamp exploitation attempts; lamp server attack; lamp stack attack; lamp stack targeting; lateral movement; linux malware; linux servers; linux systems; linux-server-attack; login; login attack; login attempt; london

mailoney activity; mailoney attacks; mailoney events; mailoney honeypot; mailoney interactions; malicious activity; malicious activity detected; malicious email; malicious emails; malicious file transfer; malicious infrastructure; malicious ip activity; malicious ip list; malicious ips; malicious login attempts; malicious network activity; malicious scan; malicious software; malicious traffic; malicious-login-attempts; malicious-scan; malware; malware analysis; malware behaviour; malware capture; malware delivery; malware delivery attempt; malware distribution; malware download; malware download attempts; malware propagation; manual; mirai botnet; mobile carriers; mobile networks; mssql; mysql brute force

network; network attacks; network discovery; network enumeration; network infrastructure; network intrusion; network intrusion attempt; network intrusion attempts; network intrusion detection; network port scanning; network probe; network probing; network protocol; network reconnaissance; network scan; network scanning; network scanning activity; network security; network service scanning; network services; network traffic analysis; network-reconnaissance; network_enumeration; network_reconnaissance; network_scanning; north america; null scan

observed malicious activity; oceania; open port detection; open_port_discovery; operating system; operating system security; origin; os credential dumping

p0f; p0f network fingerprinting; p0f os fingerprinting; p0f passive fingerprinting; p0f signatures; paris; password attack; password attacks; password spraying; payment processing; pgp sign; phishing; phishing attack; phishing trap; php injection attempts; ping of death; poland; port-scanning; portscan; possible malware distribution; possible mirai variant; potential intrusion attempt; potential vulnerability exploitation; potential vulnerability probing; potential vulnerability scan; privilege escalation; process injection; protocol exploitation; protocol-abuse; proxy; proxy protocol; public cloud targeting

ransomware; rdp scan; rdp_brute_force; rdp_scan; reconnaissance; reconnaissance activity; redis exploitation; redis honeypot; redis protocol; remote access; remote services; research; researched; resource hijacking

scams & fraud; scan; scanner; scanner ip; scanners; scanning activity; scripting attacks; security event; security operations; security policy; security_event; sensor-tagged; sentrypeer activity; sentrypeer botnet; sentrypeer events; sentrypeer interactions; server exploitation; service discovery; service enumeration; service probing; service scan; service scanning; service-discovery; service_enumeration; sftp activity; sftp attack; sftp attacks; sftp-attack; sip attacks; smb brute force; smtp; smtp attacker; smtp attacks; smtp brute force; smtp probing; smtp scan; smtp scanning; social engineering; socradar; software exploitation; south korea; spam; sql injection; sql injection attempt; sql injection attempts; ssh; ssh attack; ssh attacks; ssh monitoring; ssh scan; ssh-brute; ssh-brute-force; ssh_brute_force; ssh_scan; suricata alert; suricata alerts; sweden; syn; syn scan; system access

t-pot; t1003; t1005; t1016; t1016.001; t1018; t1020; t1021; t1021.001; t1021.002; t1021.003; t1021.004; t1021.005; t1027; t1040; t1041; t1046; t1047; t1053; t1055; t1056; t1059; t1059.001; t1059.003; t1059.004; t1059.005; t1059.007; t1068; t1069.001; t1071; t1071.001; t1076; t1077; t1078; t1083; t1087; t1088; t1090; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1119; t1133; t1187; t1189; t1190; t1195; t1203; t1204; t1204.002; t1210; t1486; t1496; t1497; t1499.001; t1499.002; t1499.003; t1505; t1505.002; t1505.004; t1555; t1562; t1563; t1565; t1566; t1566.001; t1566.002; t1566.003; t1566.004; t1572; t1573; t1583; t1587.001; t1588; t1589; t1589.002; t1590; t1590.001; t1590.005; t1590.006; t1592; t1592.002; t1592.004; t1595; t1595.001; t1595.002; t1595.003

tanner; tanner activity; tanner attacks; tanner events; tanner interactions; targeting database; tcp protocol; tcp scan; tcp scanning; tcp-scan; tcp/3306; tcp/ip; tcp_scan; telecom services; telecommunications; telnet scan; telnet threat; telnet-brute-force; threat actor; threat detection; threat feed; threat intelligence; threat intelligence feed; threat prevention; threat-intelligence; threat_actor_unknown; threat_intelligence; timeout; tokyo; tor node; tpot

udp port scan; udp scan; udp-scan; udp_scan; unattributed activity; unauthorized access; unauthorized access attempt; unauthorized access attempts; unauthorized activity; unauthorized login; unauthorized probing; unauthorized-access-attempt; united kingdom; united states; unknown actor; unknown threat actor; us abuse; us none

vnc protocol; voip; voip attack; vulnerability scan; vultr; wealth management; web app attack; web application attack; web application attacks; web application scanning; web attack; web attacks; web exploit; web exploit attempts; web exploitation; web scanner; web shell attempt; web shell detection; web spam; web traffic; web-application-attack; windows malware; xmas scan

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

Twelve-month day-level heatmap (Jun to Jun); one active day. Peak: 2026-06-03.

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
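The record above reduces to a handful of facts a responder has to weigh together: 36 reports at 64% confidence, a proxy-category address, first seen Aug 31, 2023, last seen Jun 3, 2026, and a single observation in the last 30 days. The ATT&CK techniques the page counts (89) are only present as lowercase IDs folded into the run-together tag wall. The following is an added example, not IOC Radar's own code or export: it parses the technique IDs out of a transcribed slice of the tag wall, maps forward a few IDs MITRE has revoked (that map is hand-maintained and partial, an assumption rather than page data), checks the page's "1017d ago" / "10d ago" arithmetic against a date, emits the STIX 2.1 pattern for the address, and applies a recency-aware triage policy that is illustrative and mine, not the site's.

```python
"""Triage of an IOC Radar-style IP record: parse the run-together tag wall for ATT&CK
technique IDs, map revoked IDs forward, check the page's relative dates, and apply a
recency-aware blocking policy. Added example; not the site's own code."""
import re
from datetime import date

# Transcribed from the page for 101.36.114.198. "windows" holds the 24h/7d/30d/3mo
# observation counts shown under the activity heatmap.
RECORD = {
    "ip": "101.36.114.198",
    "confidence": 64,
    "reports": 36,
    "category": "proxy",
    "first_seen": "2023-08-31",
    "last_seen": "2026-06-03",
    "windows": {"24h": 0, "7d": 0, "30d": 1, "3mo": 1},
}

# Slice of the page's tag wall around the technique IDs, transcribed as-is (no
# separators). A few neighbouring tags are kept to show the parser ignores them.
TAG_WALL = (
    "syn scansystem accesst-pot"
    "t1003t1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005"
    "t1027t1040t1041t1046t1047t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007"
    "t1068t1069.001t1071t1071.001t1076t1077t1078t1083t1087t1088t1090t1105"
    "t1110t1110.001t1110.002t1110.003t1110.004t1119t1133t1187t1189t1190t1195t1203t1204t1204.002t1210"
    "t1486t1496t1497t1499.001t1499.002t1499.003t1505t1505.002t1505.004t1555t1562t1563t1565"
    "t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1583t1587.001t1588t1589t1589.002"
    "t1590t1590.001t1590.005t1590.006t1592t1592.002t1592.004t1595t1595.001t1595.002t1595.003"
    "tannertanner activity"
)

# An ATT&CK ID in the tag wall is a lowercase 't', four digits, optional '.###' sub-technique.
TECHNIQUE_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?")

# Hand-maintained and partial (assumption, not from the page): technique IDs MITRE has
# revoked, with the ID that replaced them. Feeds keep emitting the old ones.
REVOKED = {"T1076": "T1021.001", "T1077": "T1021.002", "T1088": "T1548.002"}


def extract_techniques(tag_wall: str) -> list[str]:
    """Return the technique IDs found in the concatenated tags, upper-cased, in page order."""
    found: list[str] = []
    for m in TECHNIQUE_RE.finditer(tag_wall):
        tid = f"T{m.group(1)}" + (f".{m.group(2)}" if m.group(2) else "")
        if tid not in found:
            found.append(tid)
    return found


def normalise_techniques(ids: list[str]) -> list[str]:
    """Replace revoked IDs with their successors and deduplicate, so a join against a
    current ATT&CK export does not silently drop them."""
    return sorted({REVOKED.get(t, t) for t in ids})


def age_days(record: dict, today: str) -> tuple[int, int]:
    """Days since first and last seen, to check the page's '1017d ago' / '10d ago'."""
    now = date.fromisoformat(today)
    first = date.fromisoformat(record["first_seen"])
    last = date.fromisoformat(record["last_seen"])
    return (now - first).days, (now - last).days


def stix_pattern(ip: str) -> str:
    """STIX 2.1 pattern for the address, as carried in an Indicator's 'pattern' field."""
    return f"[ipv4-addr:value = '{ip}']"


def triage(record: dict) -> str:
    """Illustrative policy (assumption, not the site's): act on fresh activity only, and
    never auto-block a proxy (shared-egress) address on feed data alone."""
    if record["confidence"] < 50:
        return "ignore"
    w = record["windows"]
    if w["24h"] > 0 or w["7d"] > 0:
        return "alert" if record["category"] == "proxy" else "block"
    if w["30d"] > 0 or w["3mo"] > 0:
        return "watchlist"  # stale hit: keep for correlation, do not enforce
    return "expire"


if __name__ == "__main__":
    ids = extract_techniques(TAG_WALL)
    print(f"{len(ids)} technique IDs on the page, "
          f"{len(normalise_techniques(ids))} after mapping revoked IDs")
    print("days since (first, last) seen as of 2026-06-13:", age_days(RECORD, "2026-06-13"))
    print("pattern:", stix_pattern(RECORD["ip"]))
    print("decision:", triage(RECORD))
```

With the page's values the parser recovers exactly the 89 IDs the page counts, and the policy lands on "watchlist" rather than "block": the last sighting is ten days old, the 24h and 7d windows are empty, and the address is a proxy. The date check also shows why both relative ages on the page agree with each other only for a viewing date of 2026-06-13.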
Threat Score: Medium Risk (signal 64/100, 64% confidence, 36 reports)
First seen Aug 31, 2023 · Last seen Jun 3, 2026
Geolocation: KR, Korea, Republic of, Seoul, Seoul · Coords 37.5658, 126.9780
ASN AS135377 · Org Ucloud Information Technology (hk) Limited · Category: Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

(This text reads as a blocklist feed description rather than registry WHOIS data; no registrant, netblock or abuse-contact fields are shown.)


IOC Journey

Confidence: medium
First detected Aug 31, 2023 (1017 days ago) · Last seen Jun 3, 2026 (10 days ago)
Appeared in 36 threat reports