IOC Radar
IP · Medium · Signal 64/100

118.193.40.131

Location: Hong Kong, Kowloon, Hong Kong
ASN: AS135377 (Ucloud Information Technology (hk) Limited)
First Seen: Jan 7, 2026 (155d ago)
Last Seen: Jun 6, 2026 (4d ago)
Reports: 21 source reports
Confidence: 64% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

49 techniques

Network Information

Country: HK (Hong Kong)
Region: Hong Kong, Kowloon
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

Feed Intelligence Summary

Source reports: 21
Confidence score: 64%
Category tags
abuse, account compromise, active scan, active scanning, adbhoney exploits, adbhoney honeypot, apache, apache attacker, apt, asia, attack, attacker ips, australia, authentication bypass, automated attack, automated attacks, automated threat, automated threats, bad reputation, bad web bot, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute_force, cisco, cisco device, cisco exploitation attempt, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, cloud_infrastructure, command and control, communication protocol, compromised credentials, conpot, conpot activity, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, cowrie ssh attacks, credential access, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, cve exploitation, data encryption, data exfiltration, data store exposure, database attack, database probing, database security, database server, ddos, ddos attack, ddos reflection, decoy system, denial of service, device management, dictionary attack, digital ocean, dionaea, dionaea activity, dionaea honeypot, dionaea malware collection, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, exploit, exploit attempt, exploit attempts, exploit kit, exploitation, exploitation activity, exploited host, external access attempts, external_threat, fatt, fraud voip, ftp, ftp brute force, hacking, hk, honeytrap data, honeytrap honeypot, hong kong, http brute force, http scanner, http scanning, http/s, https, ics security, identity & access exploitation, indicator, industrial control systems, injection activity, injection attacks, internet-facing service, internet-wide scan, intrusion detection, ioc, iocs, iot security, iot targeted, iot/ics attack, ipv4 address, ipv4_activity, lamp, lamp server attack, lamp stack attack, lamp stack targeting, lamp vulnerability scan, lateral movement, linux servers, linux systems, linux_server_attacks, mailoney honeypot, malicious activity, malicious email, malicious software, malware, malware behaviour, malware capture, malware detection, malware distribution, malware propagation, malware_activity, mssql, network, network attacks, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network services, network traffic analysis, network_discovery, oceania, opencti, p0f, password attack, password attacks, perimeter security, phishing, phishing attack, phishing trap, portscan, possible mirai variant, potential malicious activity, process injection, protocol exploitation, ransomware, reconnaissance, redis honeypot, redishoneypot, remote access, remote services, research, researched, resource hijacking, scams & fraud, scanner, scanners, scanning activity, scripting attacks, sensor-tagged, sentrypeer botnet, sentrypeer detection, server exploitation, server security, service scan, service scanning, sftp, sftp access attempt, sftp activity, sftp attack, sftp attacks, sftp exploitation attempt, singapore, sip, sip attacks, sip brute force, sip scan, sip scanning, smtp, smtp brute force, smtp probing, social engineering, socradar honeypot, spam, sql injection, sql server, ssh, ssh attack, ssh monitoring, ssh-brute, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1590, t1590.004, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, tpotce, udp port scan, unauthorized access, unauthorized access attempt, unknown threat actor, voip, voip attack, voip systems, vulnerability scan, vultr, vultr tokyo, web app attack, web application attack, web application scan, web application scanning, web attack, web attacks, web exploit attempt, web exploitation, web servers, web spam, web traffic, web_attack

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: 64 (Medium Risk)
Signal Score: 64
Confidence: 64%
Reports: 21
First seen: Jan 7, 2026
Last seen: Jun 6, 2026
Geolocation: HK
Country: Hong Kong
Location: Hong Kong, Kowloon
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 22.2578, 114.1657

VirusTotal

Not checked

WHOIS

description
Auto-submitted attacker IPs from 6-region honeypot mesh (cowrie/dionaea/heralding/suricata).
references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-14/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-13/
https://jamesbrine.com.au/digitaloceansingapore-mssql-bruteforce-ip-list-2026-03-13/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-03/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 5 months ago · Last seen 4 days ago
Appeared in 21 threat reports