AS135377 UCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASN Active medium
Why this campaign was detected
29 IPs from the same network (UCLOUD INFORMATION TECHNOLOGY HK LIMITED, AS135377) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Subnet
Country
🇭🇰 HK
Cloud Provider
Member Count
29 IPs
Below average
Total Events
13316
Below average by volume
Started / Ended
2026-02-18 00:26 — ongoing
Attack Types
ftp:bruteforce http:scan mysql:bruteforce ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen |
|---|---|---|---|---|---|---|---|---|
| 152.32.131.112 | credential_harvester | 81% | 1x OSINT | 267 | 3 | ssh:bruteforce | | 2026-05-11 09:43 |
| 128.14.225.164 | credential_harvester | 80% | 1x OSINT | 1523 | 3 | ssh:bruteforce | | 2026-05-09 20:23 |
| 154.83.196.237 | credential_harvester | 80% | 1x OSINT | 175 | 3 | ssh:bruteforce | | 2026-05-11 09:26 |
| 23.91.97.213 | credential_harvester | 75% | 1x OSINT | 730 | 3 | ssh:bruteforce | | 2026-05-07 11:22 |
| 118.193.33.228 | credential_harvester | 74% | 1x OSINT | 1025 | 3 | ssh:bruteforce | | 2026-05-06 15:43 |
| 103.210.22.17 | scanner | 73% | 1x OSINT | 725 | 3 | ssh:bruteforce | | 2026-05-05 21:35 |
| 101.36.119.184 | credential_harvester | 68% | 1x OSINT | 916 | 2 | ssh:bruteforce | | 2026-05-11 05:47 |
| 118.26.36.195 | credential_harvester | 67% | 1x OSINT | 696 | 2 | ssh:bruteforce | | 2026-05-11 06:06 |
| 103.210.21.242 | credential_harvester | 67% | 1x OSINT | 482 | 2 | ssh:bruteforce | | 2026-05-11 11:04 |
| 165.154.149.253 | credential_harvester | 64% | 1x OSINT | 490 | 2 | ssh:bruteforce | | 2026-05-09 22:02 |
| 165.154.147.69 | credential_harvester | 63% | 1x OSINT | 477 | 2 | ssh:bruteforce | | 2026-05-09 12:06 |
| 152.32.238.146 | credential_harvester | 63% | 1x OSINT | 1381 | 2 | ssh:bruteforce | | 2026-05-08 12:40 |
| 101.36.122.186 | credential_harvester | 62% | 1x OSINT | 946 | 2 | ssh:bruteforce | | 2026-05-08 07:07 |
| 107.150.105.116 | credential_harvester | 62% | 1x OSINT | 729 | 2 | ssh:bruteforce | | 2026-05-08 05:54 |
| 152.32.218.149 | credential_harvester | 61% | 1x OSINT | 874 | 2 | ssh:bruteforce | | 2026-05-07 10:13 |
| 152.32.252.65 | credential_harvester | 59% | 1x OSINT | 756 | 2 | ssh:bruteforce | | 2026-05-06 15:51 |
| 152.32.135.217 | credential_harvester | 58% | 1x OSINT | 209 | 2 | ssh:bruteforce | | 2026-05-07 12:28 |
| 152.32.132.215 | credential_harvester | 56% | 1x OSINT | 599 | 2 | ssh:bruteforce | | 2026-05-05 02:08 |
| 128.14.237.154 | credential_harvester | 49% | | 56 | 2 | ssh:bruteforce | | 2026-05-06 02:12 |
| 152.32.188.76 | malware_dropper | 46% | 1x OSINT | 23 | 1 | ssh:bruteforce | | 2026-05-07 22:58 |
| 154.81.14.172 | opportunistic_bruter | 44% | 1x OSINT | 23 | 1 | ssh:bruteforce | | 2026-05-06 13:16 |
| 107.150.117.219 | scanner | 36% | | 15 | 2 | ftp:bruteforce mysql:bruteforce ssh:bruteforce | | 2026-05-06 23:55 |
| 152.32.132.28 | credential_probe | 34% | 2x OSINT | 15 | 1 | ssh:bruteforce | | 2026-05-10 22:25 |
| 101.36.104.242 | credential_probe | 34% | 1x OSINT | 30 | 2 | ssh:bruteforce | | 2026-05-08 02:03 |
| 118.194.233.182 | scanner | 33% | | 24 | 2 | ssh:bruteforce | | 2026-05-09 15:43 |
| 152.32.138.230 | scanner | 29% | | 14 | 1 | http:scan mysql:bruteforce ssh:bruteforce | | 2026-05-07 15:50 |
| 165.154.163.10 | scanner | 26% | 1x OSINT | 98 | 1 | ssh:bruteforce | | 2026-05-06 20:20 |
| 101.36.106.75 | scanner | 24% | | 6 | 1 | ssh:bruteforce | | 2026-05-10 03:52 |
| 45.43.62.77 | scanner | 22% | | 12 | 1 | ssh:bruteforce | | 2026-05-09 08:30 |

Flag legend:
VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds