Elevated Risk
IP 128.14.239.39 is a high-risk address operated by UCLOUD INFORMATION TECHNOLOGY HK LIMITED (AS135377) and registered to the United States, linked primarily to general hacking activity including exploitation attempts and unauthorized access probes, with a threat level of 8/10 and 1,140 aggregate reports from automated honeypot sensors. The volume and consistency of reports spanning from September 2025 through May 2026 indicate sustained, deliberate targeting rather than opportunistic scanning.
Detection data from 20 automated honeypot sources documents a moderate-to-high frequency of repeated contact, with a confidence score of 69% that the observed behavior is malicious rather than anomalous legitimate traffic. The dominant threat category is Hacking (accounting for 19 of the categorized last-reported incidents), supplemented by a single Exploited Host classification. The reported attack patterns include connection attempts, Redis-focused exploitation probes, and TLS-level anomalies flagged by Suricata sensors (SURICATA TLS invalid record type), collectively suggesting the address is part of an automated attack campaign scanning for misconfigured or vulnerable services across exposed internet infrastructure.
The "Exploited Host" classification raises the possibility that 128.14.239.39 may itself be a compromised system repurposed as an unwitting attack platform, consistent with typical behaviors of bulletproof hosting environments. The Redis attack pattern specifically points to credential-harvesting or data-exfiltration attempts against exposed NoSQL databases, a known initial-access vector in real-world intrusions. When combined with TLS record anomalies, this indicates the operator is employing encrypted or obfuscated communication channels to evade detection during exploitation attempts. The sustained report volume over an eight-month window underscores that blocking this address is a proportionate defensive response for any exposed service.
Site operators should immediately block 128.14.239.39 at the network perimeter or via firewall rules, and implement rate-limiting on services accessible from the public internet to reduce the effectiveness of automated scanning. Enforcing strong authentication, closing unused ports, and ensuring Redis instances are bound to trusted interfaces only (not exposed on 0.0.0.0) will reduce the attack surface targeted by this actor. Deploying intrusion-detection rules that flag the Suricata TLS anomaly pattern and suspicious Redis connection strings will improve early warning. Where feasible, notifying the hosting provider UCLOUD INFORMATION TECHNOLOGY HK LIMITED about the reported compromise supports broader infrastructure cleanup, and tools such as fail2ban can automate dynamic blocking based on repeated offending behavior.