Check an IP Address, Domain Name, Subnet, or ASN

128.14.237.9 was found in our database!

$ whois 128.14.237.9

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 128.14.237.9scoring →

confidence

88%Very High

first_seen·Jan 31, 2026

last_seen·1h ago

sessions·275

events·528

$ sikker protocols 128.14.237.9

SMTP

89 / 234

IMAP

49 / 110

HTTPS

58 / 83

REDIS

8 / 26

MONGODB

18 / 18

HTTP

15 / 15

SMB

14 / 14

TELNET

8 / 12

MSSQL

7 / 7

SSH

4 / 4

RTSP

3 / 3

MYSQL

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 128.14.237.9

128.14.237.9 has a threat confidence score of 88%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 275 honeypot sessions targeting SMTP, IMAP, HTTPS, REDIS, MONGODB and 8 other protocols. First observed on January 31, 2026, most recently active March 22, 2026.

$ sikker behaviors 128.14.237.9catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 128.14.237.9

elastic_root_path_probe14 http_method_get13 smtp_ehlo_greeting9 elastic_http_get_request9 smtp_starttls_upgrade_request5 https_path_root3 smb_root_read2 smb_srvsvc_rpc_bind2 http_path_bad_request2 http_path_config_json2 https_path_config_json2 elastic_cat_indices_enumeration2 mongodb_serverstatus_float_command2 smb_samr_rpc_bind1 mysql_show_databases1 smb_ipc_share_access1 smb_srvsvc_pipe_open1 imap_command_authenticate1 elastic_http_favicon_path_probe1 elastic_http_bad_request_path_probe1

$ sikker related 128.14.237.9

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.186.86	43%	1
165.154.2.188	54%	2
45.43.63.34	96%	1,400
165.154.2.235	97%	3,768
123.58.212.9	97%	3,590

IP Address	Confidence	Events
20.102.92.72	75%	128
147.185.132.213	97%	315
96.0.160.144	87%	21,848
159.89.88.188	87%	315
193.37.33.184	82%	3,522