128.14.226.191 — UCLOUD INFORMATION TECHNOLOGY HK LIMITED, US — Very High (91%)

Check an IP Address, Domain Name, Subnet, or ASN

128.14.226.191 was found in our database!

Confidence Level

91%

Very High?

Geolocation

🇺🇸

United StatesLos Angeles

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASNAS135377

Activity Timeline

First seenJan 21, 2026, 08:51 AM

Last seen1h ago

285Sessions

877Events

Protocol Breakdown

FTP

20 / 445

HTTPS

76 / 141

HTTP

70 / 132

RTSP

15 / 36

IMAP

33 / 33

SMTP

29 / 29

SIP

6 / 18

SSH

12 / 12

TELNET

8 / 12

REDIS

8 / 8

MYSQL

2 / 5

POSTGRES

4 / 4

ELASTICSEARCH

2 / 2

128.14.226.191 has a very high threat confidence level of 91%, originating from Los Angeles, United States, on the UCLOUD INFORMATION TECHNOLOGY HK LIMITED network (135377). It has been observed across 285 sessions targeting FTP, HTTPS, HTTP, RTSP, IMAP and 8 other protocols, First observed on January 21, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Ftp Control Channel Protocol Anomaly

low4x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

Mysql Schema Discovery Bot

low2x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

Http Root Path Request

info16x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Bad Request Route Probe

info2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Redis Info Command Invocation

info1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Elastic Root Path Probe50 Http Method Get22 Elastic Http Get Request18 Ftp Control Channel Binary Payload17 Empty Ftp Command8 Http Path Config Json4 Elastic Cat Indices Enumeration4 Https Path Root2 Smtp Ehlo Greeting2 Mysql Show Databases2 Http Path Bad Request2 Elastic Http Favicon Path Probe2 Elastic Http Bad Request Path Probe2 Redis Info Lowercase1 Imap Command Authenticate1 Smtp Starttls Upgrade Request1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
101.36.122.23	100%	899
165.154.6.89	100%	247
101.36.113.241	100%	818
152.32.191.75	100%	718
152.32.252.65	100%	657

IP Address	Confidence	Events
206.189.197.38	82%	207
15.204.144.239	99%	6,006
137.184.98.19	74%	199
67.211.215.223	51%	57
23.94.28.163	97%	1,098