IP · Medium · Signal 59/100
152.32.141.172
Location
Lagos, Lagos
ASN
AS135377
Ucloud Information Technology
First Seen
Feb 27, 2024
Last Seen
Jun 19, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Network Information
Country
Nigeria
Region: Lagos, Lagos
ASN: AS135377
Organization: Ucloud Information Technology
IP Category
Proxy
Proxy server
Feed Intelligence Summary
33
Source reports
59%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
59
SIGNAL
Signal Score
59%
Confidence
33
Reports
First seen: Feb 27, 2024
Last seen: Jun 19, 2026
Geolocation: NG
Country: Nigeria
Location: Lagos, Lagos
ASN: AS135377
Org: Ucloud Information Technology
Coords: 6.5244, 3.3792
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw:
  inetnum: 0.0.0.0 - 255.255.255.255
  netname: IANA-BLK
  descr: The whole IPv4 address space
  country: EU # Country is really world wide
  org: ORG-IANA1-AFRINIC
  admin-c: IANA1-AFRINIC
  tech-c: IANA1-AFRINIC
  status: ALLOCATED UNSPECIFIED
  remarks: The country is really worldwide.
  remarks: This address space is assigned at various other places in
  remarks: the world and might therefore not be in the RIPE database.
  remarks: data has been transferred from RIPE Whois Database 20050221
  mnt-by: AFRINIC-HM-MNT
  mnt-lower: AFRINIC-HM-MNT
  source: AFRINIC # Filtered
  parent: 0.0.0.0 - 255.255.255.255

  organisation: ORG-IANA1-AFRINIC
  org-name: Internet Assigned Numbers Authority
  org-type: IANA
  country: EU # Country is really worldwide
  address: see http://www.iana.org
  remarks: The IANA allocates IP addresses and AS number blocks to RIRs
  remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
  remarks: and http://www.iana.org/assignments/as-numbers
  admin-c: IANA1-AFRINIC
  tech-c: IANA1-AFRINIC
  mnt-ref: AFRINIC-HM-MNT
  mnt-by: AFRINIC-HM-MNT
  remarks: data has been transferred from RIPE Whois Database 20050221
  source: AFRINIC # Filtered

  role: Internet Assigned Numbers Authority
  address: see http://www.iana.org.
  admin-c: TEAM-AFRINIC
  tech-c: TEAM-AFRINIC
  nic-hdl: IANA1-AFRINIC
  remarks: For more information on IANA services
  remarks: go to IANA web site at http://www.iana.org.
  remarks: data has been transferred from RIPE Whois Database 20050221
  mnt-by: AFRINIC-DB-MNT
  source: AFRINIC # Filtered
IOC Journey
medium · First detected 2 years ago · Last seen 3 days ago
Appeared in 33 threat reports