High Risk
IP 150.107.36.236 is a high-risk address with a threat level of 8/10 that has generated 302 total abuse reports from automated honeypot sensors, indicating sustained malicious activity originating from a Hong Kong-based cloud infrastructure provider. The dominant threat category is general hacking activity, accounting for the vast majority of recent reports, with additional targeting of Internet of Things and industrial control systems detected. With an activity frequency rated 8/10 and a confidence score of 92%, this IP represents a persistent, high-confidence threat that operators should actively block or heavily restrict.
Network intelligence reveals that 150.107.36.236 is registered to UCLOUD INFORMATION TECHNOLOGY HK LIMITED operating under ASN AS135377, a Hong Kong cloud services provider. The IP was first reported in September 2025 and most recently documented in June 2026, representing approximately nine months of continuous hostile activity. Detection came from 20 separate automated honeypot sensors distributed across the threat intelligence network, with 302 total reports accumulated over the observation period. The sheer volume of reports combined with the multi-sensor detection confirms this is not an isolated incident but rather sustained, automated attack infrastructure serving malicious purposes from commercial cloud hosting.
The primary threat category, hacking activity, encompasses intrusion attempts, vulnerability exploitation, and unauthorized access attempts against exposed services. This IP's activity pattern specifically includes IoT and ICS targeting, indicating the operator is systematically scanning for and attempting to compromise smart devices, networked cameras, routers, and industrial control systems that often lack robust security hardening. These devices represent attractive targets because they frequently run outdated firmware, retain default credentials, and lack proper network segmentation, making them easy entry points for botnet recruitment or lateral movement into broader network environments.
Site operators should immediately block or rate-limit traffic from 150.107.36.236 at the firewall level given its documented threat profile. Exposed services, particularly SSH, Telnet, and HTTP administration interfaces, should be protected with strong authentication mechanisms, non-default port configurations, and intrusion detection monitoring. For IoT and ICS environments, network segmentation is critical: isolate these devices on dedicated VLANs with strict firewall rules that prevent lateral movement. Deploy defensive tools such as fail2ban to automatically ban repeat offenders after failed authentication attempts, and ensure all connected devices run current firmware with default credentials changed. Continuous monitoring of abuse report feeds will help identify whether this threat actor shifts to new infrastructure.