JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 128.1.131.7

128.1.131.7 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 84%: ?

84%

ISP	UCLOUD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS135377
Domain Name	ucloud.cn
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 128.1.131.7

Whois 128.1.131.7

IP Abuse Reports for 128.1.131.7:

This IP address has been reported a total of 37 times from 28 distinct sources. 128.1.131.7 was first reported on October 2nd 2022, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Freenex1911	2026-06-09 08:31:25 (2 hours ago)	2026-06-09T08:31:25Z - RDP login from 128.1.131.7 failed multiple times.	Brute-Force
🇫🇮 ValtonTahiri	2026-06-09 06:07:40 (5 hours ago)	Windows IPBan blocked brute-force / failed login activity. Source=RDP; Username=6; Count=; LogonType ... show more Windows IPBan blocked brute-force / failed login activity. Source=RDP; Username=6; Count=; LogonType=3; SourcePort=0; Status=0xc000006d; SubStatus=0xc000006a; Auth=NTLM show less	Port Scan Brute-Force
🇦🇹 CTK	2026-06-09 03:17:06 (7 hours ago)	Customer Site (Grieskirchen FP)	Brute-Force
🇦🇺 dyln	2026-06-09 02:52:20 (8 hours ago)	Dyls honeypot brute-force: RDP (34 total hits)	Brute-Force
🇫🇷 Kimax	2026-06-09 02:51:53 (8 hours ago)	RdpGuard detected brute-force attempt on RDP	Brute-Force
🇳🇱 knock	2026-06-09 02:41:09 (8 hours ago)	Knock-Knock honeypot brute-force: RDP (2 total hits)	Brute-Force
🇳🇱 knock	2026-06-06 04:59:27 (3 days ago)	Knock-Knock honeypot brute-force: RDP (1 total hits)	Brute-Force
🇯🇵 mkaraki	2026-06-06 04:36:11 (3 days ago)	1780720568 # Service_probe # SIGNATURE_SEND # source_ip:128.1.131.7 # dst_port:3389 ...	Port Scan
🇺🇸 ShadowWhisperer	2026-06-06 04:13:42 (3 days ago)	RDP credential attempt.	Brute-Force Hacking
🇦🇺 dyln	2026-06-06 03:40:34 (3 days ago)	Dyls honeypot brute-force: RDP (33 total hits)	Brute-Force
🇸🇬 drewf.ink	2026-06-06 03:05:55 (3 days ago)	[03:05] Port scanning. Port(s) scanned: TCP/3389	Port Scan
🇳🇱 donarev419	2026-06-06 02:50:30 (3 days ago)	Connection to port 3389 with data transfer. Data preview:	Port Scan Hacking
🇬🇧 PeravixGroup	2026-06-06 02:48:35 (3 days ago)	Honeypot detection: Remote Desktop Protocol (RDP) brute-force attempt on port 3389. Severity: HIGH. ... show more Honeypot detection: Remote Desktop Protocol (RDP) brute-force attempt on port 3389. Severity: HIGH. Aaran.cloud show less	Brute-Force Hacking
🇺🇸 wristhulk	2026-06-05 01:47:37 (4 days ago)	Honeypot: RDP brute-force on OpenCanary honeypot (port 3389). Username: '173'.	Brute-Force
🇫🇷 ✨	2026-06-05 00:45:09 (4 days ago)	Rule : RDP Rule: RDP Event: RDP S-1-0-0 - - 0x0 S-1-0-0 Administrator - 0xc000006d %#13 0xc0000064 ... show more Rule : RDP Rule: RDP Event: RDP S-1-0-0 - - 0x0 S-1-0-0 Administrator - 0xc000006d %#13 0xc0000064 3 NtLmSsp NTLM workstation - - 0 0x0 - 128.1.131.7 0 show less	SSH Brute-Force

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 155.117.127.214

🇺🇸 146.190.154.100

🇨🇳 116.178.130.57

🇮🇳 115.245.198.210

🇲🇲 103.83.190.101

🇳🇬 102.90.103.89

🇳🇱 85.11.167.11

🇨🇳 43.226.39.182

🇻🇳 36.50.134.129

🇺🇸 20.168.6.41

🇺🇿 213.230.127.104

🇹🇼 203.222.1.32

🇪🇹 196.188.225.91

🇨🇳 125.80.210.152

🇫🇮 77.42.47.60

🇩🇪 69.5.169.39

🇳🇱 64.89.162.139

🇺🇸 47.254.39.239

🇭🇰 47.238.76.0

🇬🇧 45.143.198.133