101.36.97.80 — UCLOUD INFORMATION TECHNOLOGY HK LIMITED, GB — Very High (86%)

Check an IP Address, Domain Name, Subnet, or ASN

101.36.97.80 was found in our database!

Confidence Level

86%

Very High?

Geolocation

🇬🇧

United KingdomCity of London

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASNAS135377

Activity Timeline

First seenJan 23, 2026, 09:11 AM

Last seen1h ago

238Sessions

569Events

Protocol Breakdown

SMTP

73 / 281

HTTPS

95 / 186

SIP

22 / 36

TELNET

12 / 20

SSH

8 / 12

RTSP

12 / 12

MYSQL

3 / 9

HTTP

7 / 7

FTP

5 / 5

ELASTICSEARCH

1 / 1

101.36.97.80 has a very high threat confidence level of 86%, originating from City of London, United Kingdom, on the UCLOUD INFORMATION TECHNOLOGY HK LIMITED network (135377). It has been observed across 238 sessions targeting SMTP, HTTPS, SIP, TELNET, SSH and 5 other protocols, First observed on January 23, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Mysql Schema Discovery Bot

low3x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

Ftp Control Channel Protocol Anomaly

low1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

Http Root Path Request

info4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Elastic Root Path Probe16 Smtp Ehlo Greeting13 Elastic Http Get Request9 Smtp Starttls Upgrade Request7 Http Method Get6 Mysql Show Databases3 Ftp Control Channel Binary Payload3 Https Path Root2 Empty Ftp Command2 Elastic Cat Indices Enumeration2 Http Path Bad Request1 Http Path Config Json1 Elastic Http Favicon Path Probe1 Elastic Http Bad Request Path Probe1

Related Threats

Explore related threat intelligence

🇬🇧More threats fromUnited Kingdom ASMore threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED SMTPMore threats targetingSMTP HTTPSMore threats targetingHTTPS SIPMore threats targetingSIP TELNETMore threats targetingTELNET SSHMore threats targetingSSH RTSPMore threats targetingRTSP MYSQLMore threats targetingMYSQL HTTPMore threats targetingHTTP FTPMore threats targetingFTP ELASTICSEARCHMore threats targetingELASTICSEARCH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
165.154.36.71	100%	741
152.32.172.161	100%	654
152.32.139.96	85%	671
152.32.144.167	100%	601
118.193.33.3	100%	430

IP Address	Confidence	Events
178.128.165.87	100%	1,125
193.181.46.12	100%	5,729
46.101.54.39	100%	2,241
185.247.137.159	77%	330
87.236.176.165	80%	305