← Back to feed

AS135377 UCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASN Active medium
Why this campaign was detected
35 IPs from the same network (UCLOUD INFORMATION TECHNOLOGY HK LIMITED, AS135377) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Subnet
Country
🇭🇰 HK
Cloud Provider
Member Count
35 IPs
Below average
Total Events
17025
Below average by volume
Started / Ended
2026-02-18 00:26 — ongoing
Attack Types
ftp:bruteforce http:scan mysql:bruteforce ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Exfiltration
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
107.150.105.116 credential_harvester 84% 1x OSINT 1233 3 ssh:bruteforce 2026-07-17 21:38 evidence →
118.26.111.107 credential_harvester 81% 2x OSINT 231 3 ssh:bruteforce 2026-07-15 10:55 evidence →
101.36.124.127 credential_harvester 80% 1x OSINT 1608 3 ssh:bruteforce 2026-07-15 14:34 evidence →
103.210.21.242 credential_harvester 80% 1x OSINT 2253 3 ssh:bruteforce 2026-07-15 08:12 evidence →
123.58.213.128 credential_harvester 79% 1x OSINT 1484 3 ssh:bruteforce 2026-07-14 19:13 evidence →
165.154.12.108 credential_harvester 77% 1x OSINT 827 3 ssh:bruteforce 2026-07-14 01:24 evidence →
103.210.22.17 credential_harvester 73% 1x OSINT 1720 3 ssh:bruteforce 2026-07-12 00:04 evidence →
128.14.225.164 credential_harvester 73% 1x OSINT 2630 3 ssh:bruteforce 2026-07-11 18:58 evidence →
45.43.60.220 credential_harvester 69% 1x OSINT 1063 2 ssh:bruteforce 2026-07-17 20:57 evidence →
123.58.210.106 scanner 69% 2x OSINT 27 3 mysql:bruteforcessh:bruteforce 2026-07-17 06:41 evidence →
128.14.237.154 credential_harvester 68% 177 3 ssh:bruteforce 2026-07-13 13:55 evidence →
45.43.37.254 credential_harvester 68% 2x OSINT 170 3 ssh:bruteforce 2026-07-15 18:26 evidence →
123.58.210.86 credential_harvester 68% 1x OSINT 835 2 ssh:bruteforce 2026-07-17 13:20 evidence →
128.14.236.30 scanner 65% 1x OSINT 14 3 ftp:bruteforcehttp:scanssh:bruteforce 2026-07-17 09:02 evidence →
128.1.48.187 credential_harvester 59% 1x OSINT 682 1 ssh:bruteforce 2026-07-16 21:18 evidence →
152.32.225.11 ftp_probe 58% 1x OSINT 12 3 ftp:bruteforcessh:bruteforce 2026-07-15 20:21 evidence →
101.36.119.203 credential_harvester 55% 1x OSINT 615 1 ssh:bruteforce 2026-07-15 15:36 evidence →
118.26.110.171 scanner 46% 2x OSINT 66 2 ssh:bruteforce 2026-07-17 05:01 evidence →
107.150.110.217 scanner 45% 474 1 ssh:bruteforce 2026-07-13 02:59 evidence →
152.32.171.184 credential_probe 45% 74 3 ssh:bruteforce 2026-07-13 14:21 evidence →
152.32.135.135 scanner 41% 27 1 ssh:bruteforce 2026-07-13 08:22 evidence →
103.149.26.43 credential_harvester 38% 672 2 ssh:bruteforce 2026-07-12 00:00 evidence →
165.154.134.152 ftp_probe 35% 2x OSINT 2 1 ftp:bruteforcemysql:bruteforce 2026-07-15 19:09 evidence →
152.32.159.180 ftp_probe 34% 2x OSINT 3 1 ftp:bruteforcemysql:bruteforce 2026-07-14 18:35 evidence →
101.36.106.89 scanner 34% 1x OSINT 20 2 ssh:bruteforce 2026-07-13 19:14 evidence →
150.107.38.251 scanner 33% 2x OSINT 49 1 ssh:bruteforce 2026-07-16 16:20 evidence →
101.36.114.252 ftp_probe 31% 1x OSINT 2 1 ftp:bruteforcemysql:bruteforce 2026-07-15 13:29 evidence →
152.32.205.206 scanner 31% 1x OSINT 10 1 ssh:bruteforce 2026-07-16 19:17 evidence →
45.255.124.7 reconnaissance 31% 10 1 ssh:bruteforce 2026-07-14 02:20 evidence →
165.154.129.151 scanner 27% 2x OSINT 10 1 ssh:bruteforce 2026-07-13 12:16 evidence →
107.150.101.128 scanner 27% 1x OSINT 6 2 ssh:bruteforce 2026-07-10 22:37 evidence →
152.32.245.186 web_probe 25% 2x OSINT 5 1 http:scan 2026-07-12 01:18 evidence →
118.194.251.101 web_probe 24% 2x OSINT 6 1 http:scan 2026-07-10 23:15 evidence →
152.32.206.181 mysql_probe 20% 1x OSINT 2 1 mysql:bruteforce 2026-07-13 18:01 evidence →
152.32.131.10 scanner 17% 6 1 ssh:bruteforce 2026-07-13 01:56 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds