Elevated Risk
IP 165.154.163.10 is a high-risk address operated by UCLOUD INFORMATION TECHNOLOGY HK LIMITED (AS135377) that has generated 374 abuse reports between August 2025 and June 2026, with an overwhelming majority classified as hacking activity. With a threat level of 8/10 and an activity frequency rating of 8/10, this IP represents a persistent intrusion threat that network administrators should treat with significant caution. The combination of high-volume reporting and the specificity of the hacking classification suggests ongoing, deliberate attempts to compromise target systems rather than opportunistic scanning.
The IP geolocates to the United States although it is operated by a Hong Kong-based hosting provider, a configuration often employed by threat actors to obscure infrastructure origins or exploit regional trust assumptions. All 374 reports were generated by automated honeypot sensors, indicating that the activity is not isolated but part of automated campaigns that generate high-frequency interaction across distributed sensor networks. The first report in August 2025 and the last in June 2026 establish a sustained campaign spanning approximately 10 months, with consistent intensity throughout the observation period.
Hacking activity in this context encompasses unauthorized access attempts, exploitation of application and service vulnerabilities, and intrusion-pattern behaviors detected through anomalous connection attempts. For exposed services, this means the target system may face repeated credential-guessing attacks, exploitation attempts against known vulnerabilities, or probing for misconfigurations that could grant initial access. The volume of reports (374) combined with the 8/10 activity frequency indicates this IP is actively engaged in continuous scanning and attack operations against a broad range of internet-facing resources.
Network defenders should immediately block or heavily rate-limit traffic from 165.154.163.10 at the perimeter firewall and implement geolocation-based access controls where business operations permit. Authentication should be hardened with key-based authentication, fail2ban or similar dynamic blocking tools, and strict account lockout policies to mitigate brute-force attempts. All internet-facing services should be audited for unnecessary exposure, and patching cadence should be accelerated for any vulnerable software. Continuous monitoring of incoming connections from this IP and from other addresses in the same operator's allocation (AS135377) is strongly advised to detect evolving attack patterns.