IP · Medium · Signal 64/100
165.154.12.139
Location
Dubai, Dubayy
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen
Oct 24, 2021
Last Seen
Jun 19, 2026
Found in 38 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United Arab Emirates
Region
Dubai, Dubayy
ASN
AS135377
Organization
Ucloud Information Technology (hk) Limited
IP Category
Proxy
Proxy server
Feed Intelligence Summary
38 reports · 64% confidence
38
Source reports
64%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 38
First seen: Oct 24, 2021
Last seen: Jun 19, 2026
Geolocation: AE
Country: United Arab Emirates
Location: Dubai, Dubayy
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 25.2585, 55.3047
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Paris (France) honeypot
IOC Journey
Medium · First detected 4 years ago · Last seen 4 days ago
Appeared in 38 threat reports