IOC Radar
IP · Medium · Signal 46/100

107.150.121.86

Location: Hong Kong, Hong Kong
ASN: AS135377 (UCLOUD)
First Seen: Mar 12, 2025 (468d ago)
Last Seen: May 5, 2026 (50d ago)
Reports: 17 source reports
Confidence: 46% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 38 techniques

Network Information

Country: HK (Hong Kong)
Region: Hong Kong, Hong Kong
ASN: AS135377
Organization: UCLOUD

Feed Intelligence Summary

17 source reports · 46% confidence score

Category tags:
abuse, access control, active scan, active scanning, application layer protocol, asia, attack, australia, authentication, authentication abuse, authentication attack, authentication failures, bad reputation, botnet, botnet activity, botnet detection, brute force, brute force attack, brute force attempt, brute-force, brute_force, bruteforce, c2 communication, c2 detection, c2 server, command & control, command and control, compromised host, compromised hosts, cowrie, cowrie honeypot, credential access, credential stuffing, credential_access, data exfiltration, data store exposure, data theft, ddos, decoy system, denial of service, dionaea, dionaea honeypot, distributed attacks, europe, exploitation, exploitation activity, external attack, fail2ban alert, fail2ban triggered, failed login, ftp, ftp brute force, game_server, gb-originating attack, hacking, hk, honeytrap honeypot, hong kong, identity & access exploitation, indicator, injection activity, ioc, lamp, login attack, login attempt, malicious activity, malicious software, malware, malware behaviour, malware capture, malware distribution, malware filter, network, network anomalies, network intrusion, network layer protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network traffic analysis, oceania, password attack, password attacks, phishing, possible bot activity, potential intrusion attempt, process injection, protocol exploitation, ransomware, reconnaissance, remote access, researched, scanner, security operations, security policy, service scan, sftp, sftp attack, smtp, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, staging_server, t-pot, t1003, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071, t1071.001, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1573, t1573.001, t1589.002, t1595, t1595.001, t1595.002, t1595.003, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, unauthorized access attempts, united kingdom, valid accounts, vulnerability scan

Activity Timeline

1 total observation (May 5 to May 5)

Threat Activity Heatmap

Peak: 2026-05-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 17
First seen: Mar 12, 2025
Last seen: May 5, 2026
Geolocation: HK
Country: Hong Kong
Location: Hong Kong, Hong Kong
ASN: AS135377
Org: UCLOUD
Coords: 22.2908, 114.1501

VirusTotal

Not checked

WHOIS

inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLOCK
descr: General placeholder reference for all IPv4 addresses
remarks: ------------------------------------------------------
remarks:
remarks: Important:
remarks:
remarks: This registration object does not contain
remarks: specific registration details.
remarks:
remarks: This registration object is used only as a
remarks: general placeholder for all IPv4 addresses
remarks: and may include:
remarks:
remarks: - reserved address ranges
remarks: - private use ranges
remarks: - multicast ranges
remarks: - address ranges administered by RIRs (Regional
remarks: Internet Registries)
remarks:
remarks: If your query does not return an address range
remarks: more specific than 0.0.0.0 - 255.255.255.255, it
remarks: means the address is not administered by any RIR.
remarks: For more specific information on the use of this
remarks: IPv4 address space, see the Internet Assigned
remarks: Numbers Authority (IANA) website at:
remarks:
remarks: http://www.iana.org
remarks:
remarks: ------------------------------------------------------
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2008-09-04T06:51:49Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 17 threat reports