# IP Intelligence Briefing: 152.32.135.217
Classification: Moderate Risk - Cloud Infrastructure Host
Reporting Date: 2026-06-17
Risk Score: 65/100
---
## Executive Summary
IP 152.32.135.217 is a single-service host operated by UCLOUD INFORMATION TECHNOLOGY HK LIMITED (ASN 135377) in Hong Kong. The address exhibits moderate risk characteristics, with elevated DNSBL presence (listed on 3 of 8 blacklists) despite residing in an otherwise clean /24 subnet. The route stability issues detected suggest dynamic cloud infrastructure allocation.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | UCLOUD INFORMATION TECHNOLOGY HK LIMITED |
| **ASN** | 135377 |
| **BGP Prefix** | 152.32.135.0/24 |
| **Geolocation** | Hong Kong, CN |
| **Cloud Provider** | UCLOUD (cloud infrastructure) |
| **Network Role** | Single-Service Host |
| **Open Ports** | 22/TCP (SSH-2.0-OpenSSH_9.2p1) |
---
## Threat Indicators
- DNSBL Listings: 3 of 8 total blacklists (max severity: high)
- Threat Feeds: None detected
- Campaign Associations: None identified
- Known Attacker: No
- Spam Source: No
Note: Despite the absence of active threat indicators, DNSBL presence correlates with prior abuse activity.
---
## Neighborhood Analysis
Subnet: 152.32.135.0/24
- Abuse Density: 0.0 (clean)
- Total Siblings: 3
- Active Siblings: 1
- Threat Siblings: 0
Neighbor Risk Scores:
- 152.32.135.135 - Risk: 50/100 (Medium)
- 152.32.135.151 - Risk: 40/100 (Medium)
---
## Observation History
Total Observations: 17 signals
- Most Recent: 2026-06-17T14:05:39 UTC
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
Historical signals indicate stable cloud infrastructure with intermittent DNSBL activity.
---
## Recommended Actions
### Immediate
1. Increase logging verbosity for traffic from 152.32.135.217
2. Review recent activity from this IP (elevated risk score 65/100)
### Firewall Rules
iptables:
```bash
iptables -A INPUT -s 152.32.135.217 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 152.32.135.217 drop
```
nginx:
```nginx
deny 152.32.135.217;
```
Cloudflare WAF:
```json
{
  "description": "Block 152.32.135.217 - IPDebrief risk score 65",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 152.32.135.217"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["152.32.135.217/32"],
  "Description": "IPDebrief risk 65"
}
```
---
## Intelligence Narrative
This IP represents a cloud-hosted single-service endpoint with moderate-risk characteristics. The combination of an elevated risk score (65/100), multiple DNSBL listings, and route instability suggests potential abuse activity or compromised infrastructure. However, the clean neighborhood and the absence of active threat indicators suggest this may be a transient or misconfigured cloud instance rather than persistent threat-actor infrastructure.
Recommended SOC Approach: Monitor rather than block immediately. The moderate risk classification warrants traffic logging and correlation with other signals before implementing blocking measures. The UCLOUD cloud provider context suggests legitimate hosting infrastructure that may have been abused temporarily.
---
*Intel generated by IPDebrief Threat Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | UCLOUD INFORMATION TECHNOLOGY HK LIMITED |
| ASN | AS135377 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 18% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Fresh)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:47 UTC |
| Last Seen | 2026-06-26 18:10:40 UTC |
| Profile Built | 2026-06-23 23:44:39 UTC |
| Data Freshness | Fresh |
| Signal Types | 19 |
| Total Observations | 20 |