IOC Radar
IP · Medium · Signal 72/100

165.154.173.226

Location
United States
Los Angeles, California
ASN
AS135377
Ucloud Information Technology (hk) Limited
First Seen: Mar 27, 2024 (822 days ago)
Last Seen: Jun 15, 2026 (12 days ago)
Reports: 34 source reports
Confidence: 72% (medium)
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify against your own telemetry before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context

Tags: see the category tags under Feed Intelligence Summary.

MITRE ATT&CK TTPs: 92 technique IDs tagged across the source reports (listed with the category tags). Two of them, T1076 and T1077, are revoked ATT&CK IDs that were folded into T1021.001 (Remote Desktop Protocol) and T1021.002 (SMB/Windows Admin Shares); map them before using this list for coverage tracking.
Network Information

Country: US (United States)
Region: Los Angeles, California
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

IP Category

Proxy (proxy server). A proxy classification means the traffic attributed to this address may originate from many unrelated clients behind it: attribution to a single actor is weak, and a hard block carries collateral risk for any legitimate users of the same egress.

Feed Intelligence Summary

Source reports: 34
Confidence score: 72%

Category tags (aggregated verbatim from the source reports; variant spellings such as brute-force / brute_force are distinct tags in the feed and are kept as such):

abuse, access control, account compromise, active scan, active scanning, adbhoney activity, adbhoney honeypot, apache, apache attacker, application layer protocol, apt, asia, attack, attack attempt, attacker-ip, australia, authentication abuse, authentication attempts, auto-generated security, automated activity, automated attack, automated attacks, automated multi-vector probing, automated threat, automated-attack, automated_attack
bad reputation, bad web bot, banner grabbing attempt, blacklist candidate, block list, blocklist_all, botnet, botnet activity, botnet-activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force
c2, c2 communication, c2 server, canada, cert, china mobile, cisco attack, cisco device, cisco device targeting, cisco exploit attempt, cisco exploitation attempts, cisco_device_attack, cloud infrastructure, cloud infrastructure attack, cloud provider, cloud services, code execution, code-injection, columns, command & control, command and control, command execution, command injection, command injection attempt, communication protocol, company limited, compromise attempt, compromised credentials, compromised credentials attempt, compromised host, compromised hosts, compromised systems, connect scan, conpot activity, conpot honeypot, container security, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential brute-forcing, credential compromise, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_stuffing, curl, cve
data encryption, data exfiltration, data exfiltration attempt, data store exposure, data theft, database attack, database attacks, database brute force, database login attempt, database security, database-server, database_server, dcerpc, ddos, ddos attack, ddos attack indicators, ddos attacks, ddos preparation, ddos probe, ddospot, decoy system, denial of service, denial-of-service, device management, dictionary attack, dictionary_attack, digital ocean, digitalocean environment, dionaea, dionaea activity, dionaea attacks, dionaea honeypot, dionaea interactions, dionaea malware collection, dionaea malware samples, dionaea payloads, directory traversal attempt, distributed attacks, dns, dns attack, docker
elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, eu cyber policies, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploitation of vulnerability, exploitation_attempt, exploited host, external access attempts, external scan, external threat, external-threat, extortion
failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin port scan, fin scan, finland, firewall detection probe, france, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force, ftp scan
galah, germany, github, glutton, gopot
hacking, hellpot, hk abuse handler, honeynet connect, honeytrap activity, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probe, http probing, http scanner, http scanning, http/s, https, https probe
icmp, ics security, identity & access exploitation, imap, inbound scan, indicator, indicators of compromise, industrial control systems, information gathering, infrastructure acquisition reconnaissance, infrastructure scanning, initial access, initial access vector, initial-access, initial_access, injection activity, injection attacks, internet of things, internet-facing, internet-facing service, internet-facing services, internet-wide scan, intrusion detection, ioc, iocs, iot botnet, iot security, iot targeted, iot/ics attack, iot_attack, ip-address, ip-address-ioc, ipphoney honeypot, ipv4, ipv4 scanning, ipv4-ioc
kibana, kill-chain exploitation, kill-chain reconnaissance
lamp, lamp attack, lamp exploit attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp stack, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeting, lamp_stack_attack, lateral movement, lateral movement techniques, linux malware, linux servers, linux systems, linux-server-attack, linux-system, linux_server_attacks, log4pot, login attempt, low-risk
mailoney activity, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious email, malicious file transfer, malicious ip activity, malicious login attempts, malicious network activity, malicious payload, malicious payload detection, malicious software, malicious traffic, malicious-login-attempts, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware download, malware download attempts, malware propagation, malware staging, malware_activity, manual, mass scanning activity, medpot, melbourne region, mirai botnet, mssql, mysql brute force
network, network attacks, network device probing, network devices, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network services, network traffic analysis, network-attack, network-based attack attempts, network-device, network-discovery, network_reconnaissance, north america, null port scan, null scan
oceania, open port detection, open port discovery, opencti, opportunistic attack, opportunistic attacker, os fingerprinting, os fingerprinting attempt, osint, osint enrichment
p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password spraying, perimeter security, pgp sign, phishing, phishing attack, phishing trap, php injection attempts, ping of death, poland, port-scan, port-scanning, portscan, possible botnet activity, possible exploit attempt, possible exploit attempts, possible malware distribution, possible malware payload, possible mirai variant, possible reconnaissance activity, possible vulnerability scanning, potential botnet, potential exploit activity, potential exploit attempts, potential intrusion, potential malware distribution, potential malware infection, potential vulnerability scanning, privilege escalation, probing, process injection, protocol exploitation, protocol-abuse, proxy, proxy access, python
ransomware, ransomware activity, rdp, rdp attacks, reconnaissance, reconnaissance activity, redis honeypot, redishoneypot, redishoneypot activity, regional security, remote access, remote access attempts, remote services, remote_access_service, researched, resource hijacking, rtbh
scams & fraud, scan, scanner, scanner ips, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, server exploitation, server security, service discovery, service enumeration, service scan, service scanning, sftp, sftp access attempt, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp-attack, shell access, shell access attempt, sip, sip attacks, sip brute force, sip scan, sip scanning, sip vulnerability exploitation, sipp, slug, smb brute force, smtp, smtp attacker, smtp attacks, smtp brute force, smtp probing, smtp scanning, smtp traffic, snare, social engineering, socradar, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, sql-injection, ssh, ssh attack, ssh attacks, ssh brute-force, ssh monitoring, ssh scan, ssh-brute-force, stealth scan, surface web, suricata alert, suricata alerts, syn, syn port scan, syn scan, system disruption
t-pot, tanner, tanner activity, tanner events, tanner interactions, targeting database, tcp protocol, tcp scan, telecommunications, telnet attacks, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, timeout, tor node, toronto, tpot, tpotce, ttps
udp port scan, udp scan, unattributed threat actor, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized-access-attempt, united states, united states of america, unknown threat actor, unsolicited email, us, us none, us source ip
vnc protocol, voidtrap, voip, voip attack, vulnerability scan, vulnerability-scan, vultr, vultr infrastructure targeted, vultr-platform
web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web exploitation, web exploits, web login attempt, web scanner, web servers, web service scanning, web shell, web shell attempt, web shell detection, web shell upload, web shell uploads, web spam, web traffic, web-application-attack, web-attack, web-server, web_attack, web_server, webscan, webscanner, wget, windows malware, wordpot
xmas port scan, xmas scan

MITRE ATT&CK technique tags (92): T1005, T1016, T1018, T1020, T1021, T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006, T1027, T1040, T1041, T1046, T1053, T1055, T1059, T1059.001, T1059.003, T1059.004, T1059.007, T1068, T1071, T1071.001, T1071.004, T1076, T1077, T1078, T1078.001, T1078.002, T1078.004, T1083, T1087, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1187, T1189, T1190, T1195, T1199, T1203, T1204.002, T1210, T1486, T1490, T1496, T1499.001, T1499.002, T1499.003, T1505, T1505.002, T1547, T1550, T1550.002, T1550.003, T1555, T1555.003, T1562, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1572, T1573, T1573.001, T1583, T1587.001, T1588, T1588.002, T1588.006, T1589, T1589.002, T1590, T1590.001, T1590.003, T1590.004, T1590.006, T1592, T1592.002, T1595, T1595.001, T1595.002, T1595.003

Activity Timeline

1 total observation (Jun 15). The timeline carries only one structured observation, whereas the 34 source reports and the feed references below span April to June 2026; use First/Last Seen and the reference list, not this count, to judge how persistent the source is.

Threat Activity Heatmap (rendered calendar chart, Jun 2025 to Jun 2026; only the summary survives extraction) · Peak: 2026-06-15

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
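The page's own advice is to verify before acting, and the activity windows above are the kind of recency check a responder wants to reproduce against local telemetry. The following is an added example, not code from IOC Radar or from any of the feeds it cites: it sweeps Cowrie-style JSON honeypot logs for the indicator, tolerates corrupt lines, and buckets the hits into the same 24h / 7d / 30d / 3mo windows. The log lines are constructed for the example (the field names are the ones Cowrie's JSON output uses, the values are made up), the reference time is the page's own "12 days ago" anchor, and the Dormant/Minimal/Active labels and their cut-offs are an assumption modelled on this page's panel.

```python
"""Correlate a feed IOC against Cowrie JSON logs and bucket hits into recency windows."""
import json
from datetime import datetime, timedelta, timezone

IOC = "165.154.173.226"

# Constructed Cowrie-style JSON lines (not real captures). Includes one other
# source, and one corrupt line that the parser must skip rather than crash on.
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","src_ip":"165.154.173.226","timestamp":"2026-06-15T03:12:44.120833Z","session":"a1b2c3d4e5f6","sensor":"hp-tokyo"}
{"eventid":"cowrie.login.failed","src_ip":"165.154.173.226","timestamp":"2026-06-15T03:12:46.001200Z","session":"a1b2c3d4e5f6","username":"root","password":"123456","sensor":"hp-tokyo"}
{"eventid":"cowrie.login.failed","src_ip":"165.154.173.226","timestamp":"2026-06-15T03:12:47.440011Z","session":"a1b2c3d4e5f6","username":"admin","password":"admin","sensor":"hp-tokyo"}
{"eventid":"cowrie.session.closed","src_ip":"165.154.173.226","timestamp":"2026-06-15T03:12:48.900000Z","session":"a1b2c3d4e5f6","sensor":"hp-tokyo"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.9","timestamp":"2026-06-26T11:00:00.000000Z","session":"ffffffffffff","username":"root","password":"toor","sensor":"hp-tokyo"}
not json at all: a truncated line as seen after a disk-full event
"""

# Same windows as the page's activity panel.
WINDOWS = (("24h", timedelta(days=1)), ("7d", timedelta(days=7)),
           ("30d", timedelta(days=30)), ("3mo", timedelta(days=90)))

# Assumed reference time: the page reports Last Seen Jun 15, 2026 as "12 days ago".
PAGE_NOW = datetime(2026, 6, 27, tzinfo=timezone.utc)


def parse_timestamp(ts: str) -> datetime:
    """Cowrie writes ISO 8601 UTC with a trailing Z, usually with microseconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"unrecognised timestamp: {ts}")


def events_for_ip(log_text: str, ip: str) -> list:
    """All records whose src_ip matches; corrupt or blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("src_ip") == ip and "timestamp" in rec:
            hits.append(rec)
    return hits


def label(n: int) -> str:
    """Assumed mapping modelled on the page: 0 Dormant, a handful Minimal, more Active."""
    if n == 0:
        return "Dormant"
    return "Minimal" if n <= 5 else "Active"


def activity_windows(hits: list, now: datetime) -> dict:
    """Count hits inside each trailing window and label it."""
    out = {}
    for name, span in WINDOWS:
        n = sum(1 for h in hits if now - span <= parse_timestamp(h["timestamp"]) <= now)
        out[name] = (n, label(n))
    return out


def summarize(log_text: str, ip: str, now: datetime) -> dict:
    hits = events_for_ip(log_text, ip)
    failed = [(h["username"], h["password"]) for h in hits
              if h.get("eventid") == "cowrie.login.failed"]
    return {
        "events": len(hits),
        "sessions": len({h.get("session") for h in hits}),
        "failed_logins": failed,          # credential pairs tried, in order
        "windows": activity_windows(hits, now),
    }


def run_example() -> dict:
    return summarize(SAMPLE_LOG, IOC, PAGE_NOW)


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

On the constructed sample the 24h and 7d windows come out Dormant and the 30d and 3mo windows Minimal, matching the shape of the panel above; on real Cowrie output (`cowrie.json`) point `summarize` at the file contents and at `datetime.now(timezone.utc)`.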
Threat Score: 72 (labelled High Risk in this panel, while the header rates the same 72/100 signal Medium; treat the numeric score, not the label, as the comparable value)
Signal Score: 72
Confidence: 72%
Reports: 34
First seen: Mar 27, 2024
Last seen: Jun 15, 2026
Geolocation: US
Country: United States
Location: Los Angeles, California
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 22.2578, 114.1657 (these coordinates fall in Hong Kong, not Los Angeles, so the city-level geolocation is internally inconsistent and should be treated as unverified)
Category: Proxy

VirusTotal

Not checked

WHOIS

Description (from the source feed): IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

Raw record (ARIN, for the parent /16; the block was transferred to APNIC and ARIN refers to whois.apnic.net for the authoritative data):
NetRange: 165.154.0.0 - 165.154.255.255
CIDR: 165.154.0.0/16
NetName: APNIC
NetHandle: NET-165-154-0-0-1
Parent: NET165 (NET-165-0-0-0-0)
NetType: Early Registrations, Transferred to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2021-02-16
Updated: 2021-02-16
Ref: https://rdap.arin.net/registry/ip/165.154.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois://whois.apnic.net
OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC
ReferralServer: whois://whois.apnic.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
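A WHOIS blob like the one above is only useful if it is checked, not just read: does the IOC actually fall inside the registered range, is this registry authoritative or a referral, and is there a usable abuse contact? The following is an added example, not code from IOC Radar: it parses the ARIN-style `Key: value` record (keys such as `ResourceLink` repeat, so order and duplicates are preserved) and runs those checks. `RAW_WHOIS` is a copy of the record shown on the page with its line breaks restored; the abuse e-mail is shown redacted on the page, so the same placeholder is kept here and the parser must cope with it rather than pretend to know the address.

```python
"""Parse an ARIN-style WHOIS record and check an IOC against it (stdlib only)."""
import ipaddress
import re

IOC = "165.154.173.226"

# Copy of the record shown on the page (abuse e-mail is redacted there too).
RAW_WHOIS = """\
NetRange: 165.154.0.0 - 165.154.255.255
CIDR: 165.154.0.0/16
NetName: APNIC
NetHandle: NET-165-154-0-0-1
Parent: NET165 (NET-165-0-0-0-0)
NetType: Early Registrations, Transferred to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2021-02-16
Updated: 2021-02-16
Ref: https://rdap.arin.net/registry/ip/165.154.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois://whois.apnic.net
OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Country: AU
ReferralServer: whois://whois.apnic.net
OrgAbuseHandle: AWC12-ARIN
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
"""

# One "Key: value" field per line; the value may be empty (OriginAS:) or contain colons (URLs).
FIELD = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_whois(text: str) -> list:
    """Return (key, value) pairs in file order; repeated keys are kept, not collapsed."""
    pairs = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs


def get(pairs: list, key: str) -> list:
    """All values for a key, in order (empty list if absent)."""
    return [v for k, v in pairs if k == key]


def check_ioc(pairs: list, ip: str) -> dict:
    """Range membership, delegation status and abuse-contact usability for one IP."""
    addr = ipaddress.ip_address(ip)
    cidrs = [ipaddress.ip_network(c, strict=False) for c in get(pairs, "CIDR")]
    lo, hi = (ipaddress.ip_address(x) for x in get(pairs, "NetRange")[0].split(" - "))
    whois_refs = [v for v in get(pairs, "ReferralServer") + get(pairs, "ResourceLink")
                  if v.startswith("whois://")]
    abuse_handle = get(pairs, "OrgAbuseHandle")
    abuse_mail = get(pairs, "OrgAbuseEmail")
    return {
        "in_cidr": any(addr in n for n in cidrs),
        "in_netrange": lo <= addr <= hi,
        # "Transferred to APNIC": this registry's record is a pointer, not the authority.
        "delegated_elsewhere": any("Transferred" in v for v in get(pairs, "NetType")),
        "authoritative_whois": sorted(set(whois_refs)),
        "abuse_handle": abuse_handle[0] if abuse_handle else None,
        # The page shows the address redacted; flag it so nobody mails a placeholder.
        "abuse_email_usable": bool(abuse_mail) and "@" in abuse_mail[0]
                              and abuse_mail[0] != "[email protected]",
    }


if __name__ == "__main__":
    for k, v in check_ioc(parse_whois(RAW_WHOIS), IOC).items():
        print(f"{k}: {v}")
```

For this record the IOC is inside 165.154.0.0/16, the block is flagged as transferred, the only authoritative server offered is whois.apnic.net, and the abuse e-mail is unusable as shown, so the next step is an APNIC (or RDAP) lookup for the more specific allocation rather than reporting to the ARIN contact.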
References (source feed lists citing this address):
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-19/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-19/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-16/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-15/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-15/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-15/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-14/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-14/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-14/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-14/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-14/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-13/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-13/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-12/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-12/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-12/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-11/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-10/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-09/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-09/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-08/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-08/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-08/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
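The page offers a STIX 2.1 bundle export; what that should contain for an address-type IOC is worth seeing spelled out, because several of the fields (deterministic SCO ids, `valid_until`, the 0-100 `confidence`) are where hand-rolled exports usually go wrong. The following is an added example and not the IOC Radar export code: it builds a spec-shaped bundle with the standard library only, wrapping the address as an `ipv4-addr` observable, an `observed-data` record carrying the page's first/last-seen dates and report count, an `indicator` with a STIX pattern and the page's confidence of 72, and a `based-on` relationship. The label set, the 30-day expiry after last-seen and the reference time are assumptions for the example; the SCO namespace UUID is the one the STIX 2.1 specification defines for deterministic identifiers.

```python
"""Build a STIX 2.1 bundle for an IP indicator (stdlib only)."""
import json
import uuid
from datetime import datetime, timedelta, timezone

# Namespace the STIX 2.1 spec fixes for deterministic SCO ids (UUIDv5).
STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def sco_id(obj_type: str, contributing: dict) -> str:
    """Deterministic SCO id: UUIDv5 over canonical JSON (sorted keys, no whitespace)
    of the id-contributing properties, so the same IP always yields the same id."""
    canon = json.dumps(contributing, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return f"{obj_type}--{uuid.uuid5(STIX_SCO_NS, canon)}"


def stix_ts(dt: datetime) -> str:
    """STIX timestamps are UTC, RFC 3339, with a fractional-second part."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(ip: str, first_seen: datetime, last_seen: datetime, confidence: int,
                 labels: list, report_count: int, now: datetime, ttl_days: int = 30) -> dict:
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be an integer 0-100")
    created = stix_ts(now)
    ipv4 = {"type": "ipv4-addr", "spec_version": "2.1",
            "id": sco_id("ipv4-addr", {"value": ip}), "value": ip}
    observed = {"type": "observed-data", "spec_version": "2.1",
                "id": f"observed-data--{uuid.uuid4()}",
                "created": created, "modified": created,
                "first_observed": stix_ts(first_seen), "last_observed": stix_ts(last_seen),
                "number_observed": report_count, "object_refs": [ipv4["id"]]}
    indicator = {"type": "indicator", "spec_version": "2.1",
                 "id": f"indicator--{uuid.uuid4()}",
                 "created": created, "modified": created,
                 "name": f"Scanning/brute-force source {ip}",
                 "description": f"Seen in {report_count} honeypot feed reports; proxy-classified address.",
                 "indicator_types": ["malicious-activity"],
                 "pattern": f"[ipv4-addr:value = '{ip}']",
                 "pattern_type": "stix",
                 "valid_from": stix_ts(first_seen),
                 # Assumed policy: expire ttl_days after last sighting instead of living forever.
                 "valid_until": stix_ts(last_seen + timedelta(days=ttl_days)),
                 "confidence": confidence,
                 "labels": labels}
    rel = {"type": "relationship", "spec_version": "2.1",
           "id": f"relationship--{uuid.uuid4()}",
           "created": created, "modified": created,
           "relationship_type": "based-on",
           "source_ref": indicator["id"], "target_ref": observed["id"]}
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [ipv4, observed, indicator, rel]}


def page_bundle() -> dict:
    """The bundle for this page's indicator, using the values shown on the page."""
    return build_bundle(
        ip="165.154.173.226",
        first_seen=datetime(2024, 3, 27, tzinfo=timezone.utc),
        last_seen=datetime(2026, 6, 15, tzinfo=timezone.utc),
        confidence=72,
        labels=["proxy", "port-scan", "brute-force", "cowrie-honeypot"],  # assumed subset of the page's tags
        report_count=34,
        now=datetime(2026, 6, 27, tzinfo=timezone.utc),  # assumed: page date, "12 days" after last seen
    )


if __name__ == "__main__":
    print(json.dumps(page_bundle(), indent=2))
```

The output is a plain JSON document that a TAXII client or the MISP STIX importer will accept; because the `ipv4-addr` id is deterministic, re-exporting the same address from another tool yields the same object id and deduplicates on ingest.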

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 12 days ago
Appeared in 34 threat reports