IP · Medium · Signal 64/100
152.32.134.156
Location
Hong Kong, Hong Kong
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen
Sep 8, 2021
Last Seen
Jun 6, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Hong Kong
Region
Hong Kong, Hong Kong
ASN
AS135377
Organization
Ucloud Information Technology (hk) Limited
IP Category
Proxy
Proxy server
Feed Intelligence Summary
34 reports · 64% confidence
34
Source reports
64%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-06
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
64
SIGNAL
Signal Score
64%
Confidence
34
Reports
First seen
Sep 8, 2021
Last seen
Jun 6, 2026
Geolocation
HK
Country
Hong Kong
Location
Hong Kong, Hong Kong
ASN
AS135377
Org
Ucloud Information Technology (hk) Limited
Coords
22.2855, 114.1577
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:

inetnum: 152.32.134.0 - 152.32.134.255
netname: UCLOUD-HK
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
country: HK
admin-c: UITH2-AP
tech-c: UITH2-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-UCLOUD-HK
mnt-irt: IRT-UCLOUD-HK
abuse-c: AU164-AP
last-modified: 2024-08-27T05:30:25Z
source: APNIC

irt: IRT-UCLOUD-HK
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
mnt-by: MAINT-UCLOUD-HK
last-modified: 2025-07-01T09:50:40Z
source: APNIC

role: ABUSE UCLOUDHK
country: ZZ
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: AU164-AP
remarks: Generated from irt object IRT-UCLOUD-HK
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-07-01T09:51:21Z
source: APNIC

role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
country: HK
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: UITH2-AP
notify: [email protected]
mnt-by: MAINT-UCLOUD-HK
last-modified: 2022-05-16T03:54:14Z
source: APNIC

route: 152.32.134.0/24
origin: AS135377
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2020-11-26T07:28:41Z
source: APNIC
IOC Journey
Medium · First detected 4 years ago · Last seen 4 days ago
Appeared in 34 threat reports