IOC Radar
IP · Medium · Signal 61/100

152.32.141.154

Location
Nigeria
Lagos, Lagos
ASN
AS135377
Ucloud Information Technology
First Seen
Feb 14, 2025
Last Seen
Jun 11, 2026
Reports
27 source reports
Confidence
61% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

66 techniques

Network Information

Country: NG (Nigeria)
Region: Lagos, Lagos
ASN: AS135377
Organization: Ucloud Information Technology

IP Category

VPN
VPN exit node

Feed Intelligence Summary

27 source reports · 61% confidence score

Activity Timeline

1 total observation
Jun 11 to Jun 11

Threat Activity Heatmap

[Heatmap: activity by weekday, June through the following June. Peak: 2026-06-11]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 27
First seen: Feb 14, 2025
Last seen: Jun 11, 2026
Geolocation: NG
Country: Nigeria
Location: Lagos, Lagos
ASN: AS135377
Org: Ucloud Information Technology
Coords: 6.5244, 3.3792
IP category: VPN

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=NG; ports=52869 Location=Sydney, Australia.
references
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 27 threat reports