Check an IP Address, Domain Name, Subnet, or ASN

104.218.165.188 was found in our database!

$ whois 104.218.165.188

country·🇬🇧 United Kingdom

city·London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 104.218.165.188scoring →

confidence

97%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Mar 18, 2026

last_reported·5d ago

sessions·347

events·606

reports·1

$ sikker protocols 104.218.165.188

SMTP

89 / 229 / 1r

HTTPS

113 / 206

SIP

36 / 47

TELNET

20 / 32

HTTP

28 / 28

FTP

20 / 20

IMAP

16 / 16

REDIS

8 / 8

MYSQL

2 / 5

RDP

4 / 4

POSTGRES

4 / 4

ELASTICSEARCH

4 / 4

RTSP

3 / 3

$ sikker summary 104.218.165.188

104.218.165.188 has a threat confidence score of 97%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 347 honeypot sessions and reported 1 times targeting SMTP, HTTPS, SIP, TELNET, HTTP and 8 other protocols. First observed on January 22, 2026, most recently active March 24, 2026.

$ sikker behaviors 104.218.165.188catalog →

mediumFtp Financial Partner Directory Enumeration2x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request13x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 104.218.165.188

elastic_root_path_probe79 ftp_list_directory42 ftp_set_ascii_mode42 ftp_enter_passive_mode42 ftp_change_working_directory40 elastic_http_get_request36 http_method_get18 smtp_ehlo_greeting14 empty_ftp_command13 smtp_starttls_upgrade_request9 elastic_cat_indices_enumeration8 https_path_root6 ftp_user_probe4 elastic_http_favicon_path_probe4 elastic_http_bad_request_path_probe4 http_path_config_json3 ftp_auth_tls2 ftp_help_request2 ftp_password_attempt2 http_path_bad_request2

$ sikker reports 104.218.165.188submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 16:58	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 104.218.165.188

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.225.94	94%	75
152.32.255.94	94%	689
118.193.33.71	94%	55
123.58.212.9	97%	3,765
118.193.57.59	79%	156

IP Address	Confidence	Events
64.89.163.180	100%	35,683
87.236.176.118	91%	440
46.101.82.104	80%	104
87.236.176.28	96%	503
2a06:4883:5000::57	52%	140