IP · Medium · Signal 63/100
152.32.153.53
Location
Jakarta, Jakarta
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen
Aug 31, 2023
Last Seen
Jun 8, 2026
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Indonesia
Region: Jakarta, Jakarta
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited
IP Category
Proxy
Proxy server
Feed Intelligence Summary
38 reports · 63% confidence
38
Source reports
63%
Confidence score
Category tags
Activity Timeline
Jun 8
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 38
First seen: Aug 31, 2023
Last seen: Jun 8, 2026
Geolocation: ID
Country: Indonesia
Location: Jakarta, Jakarta
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: -6.2088, 106.8460
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
    inetnum: 152.32.153.0 - 152.32.155.255
    netname: UCLOUD-ID
    descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
    country: ID
    admin-c: UITH2-AP
    tech-c: UITH2-AP
    abuse-c: AU164-AP
    status: ALLOCATED NON-PORTABLE
    mnt-by: MAINT-UCLOUD-HK
    mnt-irt: IRT-UCLOUD-HK
    last-modified: 2023-03-08T07:57:40Z
    source: APNIC

    irt: IRT-UCLOUD-HK
    address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
    e-mail: [email protected]
    abuse-mailbox: [email protected]
    admin-c: UITH2-AP
    tech-c: UITH2-AP
    auth: # Filtered
    remarks: [email protected] was validated on 2025-07-01
    remarks: [email protected] was validated on 2025-07-01
    mnt-by: MAINT-UCLOUD-HK
    last-modified: 2025-07-01T09:50:40Z
    source: APNIC

    role: ABUSE UCLOUDHK
    country: ZZ
    address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
    phone: +000000000
    e-mail: [email protected]
    admin-c: UITH2-AP
    tech-c: UITH2-AP
    nic-hdl: AU164-AP
    remarks: Generated from irt object IRT-UCLOUD-HK
    remarks: [email protected] was validated on 2025-07-01
    remarks: [email protected] was validated on 2025-07-01
    abuse-mailbox: [email protected]
    mnt-by: APNIC-ABUSE
    last-modified: 2025-07-01T09:51:21Z
    source: APNIC

    role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
    address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
    country: HK
    phone: +000000000
    e-mail: [email protected]
    admin-c: UITH2-AP
    tech-c: UITH2-AP
    nic-hdl: UITH2-AP
    notify: [email protected]
    mnt-by: MAINT-UCLOUD-HK
    last-modified: 2022-05-16T03:54:14Z
    source: APNIC

    route: 152.32.153.0/24
    origin: AS135377
    descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
    mnt-by: MAINT-UCLOUD-HK
    last-modified: 2023-03-09T03:17:49Z
    country: ID
    source: APNIC
IOC Journey
medium · First detected 2 years ago · Last seen 3 days ago
Appeared in 38 threat reports