IPDebrief

152.32.135.217

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 152.32.135.217

Classification: Moderate Risk โ€” Cloud Infrastructure Host

Reporting Date: 2026-06-17

Risk Score: 65/100

---

## Executive Summary

IP 152.32.135.217 is a single-service host operated by UCLOUD INFORMATION TECHNOLOGY HK LIMITED (ASN 135377) in Hong Kong. The address exhibits moderate risk characteristics with elevated DNSBL presence (3 of 8 total listings) despite residing in an otherwise clean /24 subnet. Route stability issues detected suggest dynamic cloud infrastructure allocation.

---

## Infrastructure Profile

AttributeValue
**Organization**UCLOUD INFORMATION TECHNOLOGY HK LIMITED
**ASN**135377
**BGP Prefix**152.32.135.0/24
**Geolocation**Hong Kong, CN
**Cloud Provider**UCLOUD (cloud infrastructure)
**Network Role**Single-Service Host
**Open Ports**22/TCP (SSH-2.0-OpenSSH_9.2p1)

---

## Threat Indicators

Note: Despite absence of active threat indicators, DNSBL presence correlates with prior abuse activity.

---

## Neighborhood Analysis

Subnet: 152.32.135.0/24

Neighbor Risk Scores:

---

## Observation History

Total Observations: 17 signals

Historical signals indicate stable cloud infrastructure with intermittent DNSBL activity.

---

## Recommended Actions

Immediate

1. Increase logging verbosity for traffic from 152.32.135.217

2. Review recent activity from this IP (elevated risk score 65/100)

Firewall Rules

iptables:

```bash

iptables -A INPUT -s 152.32.135.217 -j DROP

```

nftables:

```bash

nft add rule inet filter input ip saddr 152.32.135.217 drop

```

nginx:

```nginx

deny 152.32.135.217;

```

Cloudflare WAF:

```json

{

"description": "Block 152.32.135.217 โ€” IPDebrief risk score 65",

"action": "block",

"filter": {

"expression": "ip.src eq 152.32.135.217"

}

}

```

AWS WAF:

```json

{

"Addresses": ["152.32.135.217/32"],

"Description": "IPDebrief risk 65"

}

```

---

## Intelligence Narrative

This IP represents a cloud-hosted single-service endpoint with moderate-risk characteristics. The combination of elevated risk score (65/100), multiple DNSBL listings, and false route stability suggests potential abuse activity or compromised infrastructure. However, the clean neighborhood and absence of active threat indicators indicate this may be a transient or misconfigured cloud instance rather than a persistent threat actor infrastructure.

Recommended SOC Approach: Monitor rather than block immediately. The moderate risk classification warrants traffic logging and correlation with other signals before implementing blocking measures. The UCLOUD cloud provider context suggests legitimate hosting infrastructure that may have been abused temporarily.

---

*Intel generated by IPDebrief Threat Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong
Regionโ€”
CityHong Kong
TimezoneAsia/Hong_Kong
Latitude22.40
Longitude114.11

๐Ÿข Ownership & Registration

OrganizationUCLOUD INFORMATION TECHNOLOGY HK LIMITED
ASNAS135377
Network Nameโ€”
CIDR Blockโ€”
RIRARIN
Countryโ€”
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeSingle-Service Host
Network TierUnknown โ€” Insufficient routing data to classify
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
22sshtcp
Closed Ports25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”
SSH VersionSSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
29%
23
routing
13%
11
services
18%
22
ownership
20%
23
reputation
23%
13
geolocation
30%
23
Overall22%1015
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Fresh

First Seen2026-05-07 23:03:47 UTC
Last Seen2026-06-26 18:10:40 UTC
Profile Built2026-06-23 23:44:39 UTC
Data FreshnessFresh
Signal Types19
Total Observations20
๐Ÿ” 19 signal types ยท 20 observations collected
This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.