IOC Radar
IP · Medium · Signal 65/100

118.193.56.229

Location: Thailand (Bangkok, Bangkok)
ASN: AS135377 (Ucloud Information Technology (hk) Limited)
First Seen: Jan 26, 2024 (872d ago)
Last Seen: Jun 7, 2026 (10d ago)
Reports: 36 source reports
Confidence: 65% (medium)
VirusTotal: 14/91 detections
Found in 36 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

94 techniques

Network Information

Country: TH (Thailand)
Region: Bangkok, Bangkok
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 36
Confidence score: 65%
Category tags

Activity Timeline

1 total obs
Jun 7

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 36
First seen: Jan 26, 2024
Last seen: Jun 7, 2026
Geolocation: TH
Country: Thailand
Location: Bangkok, Bangkok
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 13.7563, 100.5020
Proxy

VirusTotal

14/91 vendors flagged
15% detection rate · Jun 8, 2026

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw:

inetnum: 118.193.56.0 - 118.193.57.255
netname: UCLOUD-TH
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
country: TH
admin-c: UITH2-AP
tech-c: UITH2-AP
abuse-c: AU164-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-UCLOUD-HK
mnt-irt: IRT-UCLOUD-HK
last-modified: 2023-03-09T08:10:12Z
source: APNIC

irt: IRT-UCLOUD-HK
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
mnt-by: MAINT-UCLOUD-HK
last-modified: 2025-07-01T09:50:40Z
source: APNIC

role: ABUSE UCLOUDHK
country: ZZ
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: AU164-AP
remarks: Generated from irt object IRT-UCLOUD-HK
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-07-01T09:51:21Z
source: APNIC

role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
country: HK
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: UITH2-AP
notify: [email protected]
mnt-by: MAINT-UCLOUD-HK
last-modified: 2022-05-16T03:54:14Z
source: APNIC

route: 118.193.56.0/24
origin: AS135377
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2021-11-24T05:38:40Z
country: TH
source: APNIC

IOC Journey

medium
First detected 2 years ago · Last seen 10 days ago
Appeared in 36 threat reports