Check an IP Address, Domain Name, Subnet, or ASN

101.201.38.226 was found in our database!

$ whois 101.201.38.226

country·🇨🇳 China

city·Beijing

isp·Hangzhou Alibaba Advertising Co.,Ltd.

asn·AS37963

network·Standard

$ sikker risk 101.201.38.226scoring →

confidence

85%Very High

first_seen·Jan 20, 2026

last_seen·59m ago

first_reported·Mar 6, 2026

last_reported·14d ago

sessions·344

events·497

reports·1

$ sikker protocols 101.201.38.226

REDIS

79 / 173

MONGODB

64 / 87

MSSQL

84 / 84

SSH

55 / 71 / 1r

MYSQL

31 / 51

RDP

31 / 31

$ sikker summary 101.201.38.226

101.201.38.226 has a threat confidence score of 85%. This IP address from China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.) has been observed in 344 honeypot sessions and reported 1 times targeting REDIS, MONGODB, MSSQL, SSH, MYSQL and 1 other protocols. First observed on January 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 101.201.38.226catalog →

mediumMysql User Schema Table Footprint Reconnaissance1x

Attacker enumerates non-system MySQL database schemas and associated table statistics (row counts, storage size, average row size) via metadata queries against the TABLES catalog. This activity indicates targeted discovery of accessible application datasets and data volume profiling to prioritize exfiltration, credential harvesting, or destructive actions against high-value databases.

infoRedis Info Command Invocation16x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 101.201.38.226

redis_info_lowercase38 redis_command_http_host_header_port_63794 mysql_select_tables_metadata_excluding_system_schemas1

$ sikker reports 101.201.38.226submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 6, 2026, 11:12	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 101.201.38.226

🇨🇳·More threats fromChina→AS·More threats fromHangzhou Alibaba Advertising Co.,Ltd.→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→MSSQ·More threats targetingMSSQL→SSH·More threats targetingSSH→MYSQ·More threats targetingMYSQL→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.112.212.56	83%	2,775
47.93.250.117	96%	47
47.93.1.160	81%	17,968
39.101.187.162	75%	7
121.43.116.220	57%	39

IP Address	Confidence	Events
120.195.161.46	93%	94,675
47.112.212.56	83%	2,768
106.58.219.148	93%	283
36.212.221.233	95%	106
219.155.202.167	100%	22