Check an IP Address, Domain Name, Subnet, or ASN

128.14.237.130 was found in our database!

$ whois 128.14.237.130

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 128.14.237.130scoring →

confidence

90%Very High

first_seen·Jan 31, 2026

last_seen·1h ago

sessions·389

events·442

$ sikker protocols 128.14.237.130

SMTP

171 / 171

HTTPS

117 / 117

IMAP

45 / 96

HTTP

15 / 17

SMB

12 / 12

MSSQL

12 / 12

FTP

5 / 5

SSH

4 / 4

POSTGRES

4 / 4

RTSP

3 / 3

MYSQL

1 / 1

$ sikker summary 128.14.237.130

128.14.237.130 has a threat confidence score of 90%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 389 honeypot sessions targeting SMTP, HTTPS, IMAP, HTTP, SMB and 6 other protocols. First observed on January 31, 2026, most recently active March 22, 2026.

$ sikker behaviors 128.14.237.130catalog →

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 128.14.237.130

ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 smtp_ehlo_greeting12 http_method_get10 smtp_starttls_upgrade_request9 https_path_root6 https_path_config_json6 ftp_user_probe2 empty_ftp_command2 ftp_auth_tls1 ftp_help_request1 ftp_password_attempt1 mysql_show_databases1 http_path_bad_request1 http_path_config_json1 ftp_change_directory_etc1 ftp_feature_list_request1 ftp_change_directory_data1

$ sikker related 128.14.237.130

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.61.170	100%	918
45.249.247.165	100%	1,014
107.155.48.46	92%	30
152.32.253.205	100%	917
101.36.107.228	100%	1,549

IP Address	Confidence	Events
68.68.101.178	92%	4,394
34.82.98.110	79%	6,008
96.0.160.144	87%	21,255
92.118.39.92	100%	104,241
208.3.195.65	100%	98,725