Check an IP Address, Domain Name, Subnet, or ASN

128.1.32.99 was found in our database!

$ whois 128.1.32.99

country·🇹🇼 Taiwan

city·Taipei

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 128.1.32.99scoring →

confidence

92%Very High

first_seen·Mar 22, 2026

last_seen·1h ago

sessions·133

events·133

$ sikker protocols 128.1.32.99

HTTPS

57 / 57

FTP

21 / 21

HTTP

21 / 21

RDP

12 / 12

TELNET

12 / 12

POSTGRES

4 / 4

RTSP

3 / 3

MYSQL

3 / 3

$ sikker summary 128.1.32.99

128.1.32.99 has a threat confidence score of 92%. This IP address from Taiwan (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 133 honeypot sessions targeting HTTPS, FTP, HTTP, RDP, TELNET and 3 other protocols. First observed on March 22, 2026, most recently active April 21, 2026.

$ sikker behaviors 128.1.32.99catalog →

mediumFtp Authenticated Session Establishment2x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

lowMysql Schema Discovery Bot3x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Http Method Get9x

HTTP request using GET method.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Fetch Robots Txt3x

HTTP GET request to /robots.txt.

infoHttps Path Robots Txt3x

HTTPS request to /robots.txt.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 128.1.32.99

http_method_get16 empty_ftp_command14 ftp_user_probe4 mysql_show_databases3 http_path_config_json3 https_path_robots_txt3 http_robots_txt_path_probe3 ftp_auth_tls2 https_path_root2 ftp_help_request2 ftp_set_ascii_mode2 ftp_password_attempt2 ftp_enter_passive_mode2 https_path_config_json2 ftp_feature_list_request2 https_favicon_ico_request2 http_path_bad_request1

$ sikker related 128.1.32.99

🇹🇼·More threats fromTaiwan→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→TELN·More threats targetingTELNET→POST·More threats targetingPOSTGRES→RTSP·More threats targetingRTSP→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.14.33.89	95%	1,463
45.43.63.34	96%	5,062
165.154.11.140	92%	996
152.32.247.233	96%	5,323
152.32.189.128	62%	596

IP Address	Confidence	Events
124.11.64.11	100%	2,131
1.161.179.104	52%	1
213.209.159.159	95%	75,653
61.216.144.25	77%	8
213.209.159.175	100%	6,335