IOC Radar
IP · Medium · Signal 56/100

118.193.33.228

Location
Hong Kong, Hong Kong
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen
Aug 26, 2020
Last Seen
Jun 6, 2026
Reports: 25 source reports
Confidence: 56% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: HK (Hong Kong)
Region: Hong Kong, Hong Kong
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

Feed Intelligence Summary

25 reports · 56% confidence
Category tags

Activity Timeline

1 total obs

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 56 (Medium Risk)
Coords: 22.3193, 114.1690

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SSH on DigitalOcean Toronto (CA) honeypot
raw
inetnum: 118.193.33.0 - 118.193.33.255
netname: UCLOUD-HK
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
country: HK
admin-c: UITH2-AP
tech-c: UITH2-AP
abuse-c: AU164-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-UCLOUD-HK
mnt-irt: IRT-UCLOUD-HK
last-modified: 2024-08-26T12:42:43Z
source: APNIC

irt: IRT-UCLOUD-HK
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
auth: # Filtered
remarks: [email protected] was validated on 2026-02-27
remarks: [email protected] was validated on 2026-02-27
mnt-by: MAINT-UCLOUD-HK
last-modified: 2026-02-27T02:07:48Z
source: APNIC

role: ABUSE UCLOUDHK
country: ZZ
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: AU164-AP
remarks: Generated from irt object IRT-UCLOUD-HK
remarks: [email protected] was validated on 2026-02-27
remarks: [email protected] was validated on 2026-02-27
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2026-02-27T02:08:22Z
source: APNIC

role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
country: HK
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: UITH2-AP
notify: [email protected]
mnt-by: MAINT-UCLOUD-HK
last-modified: 2022-05-16T03:54:14Z
source: APNIC

route: 118.193.33.0/24
origin: AS135377
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2020-11-26T07:25:44Z
source: APNIC

route: 118.193.33.0/24
origin: AS62610
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2025-07-27T09:58:44Z
source: APNIC


IOC Journey

medium
First detected 5 years ago · Last seen 13 days ago
Appeared in 25 threat reports