Check an IP Address, Domain Name, Subnet, or ASN

118.193.39.117 was found in our database!

$ whois 118.193.39.117

country·🇭🇰 Hong Kong

city·Hong Kong

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.193.39.117scoring →

confidence

82%Very High

first_seen·Jan 20, 2026

last_seen·16h ago

sessions·124

events·187

$ sikker protocols 118.193.39.117

HTTP

44 / 80

HTTPS

51 / 66

RTSP

9 / 21

FTP

9 / 9

SIP

5 / 5

SSH

3 / 3

IMAP

2 / 2

DOCKER

1 / 1

$ sikker summary 118.193.39.117

118.193.39.117 has a threat confidence score of 82%. This IP address from Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 124 honeypot sessions targeting HTTP, HTTPS, RTSP, FTP, SIP and 3 other protocols. First observed on January 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 118.193.39.117catalog →

lowRtsp Stream Enumeration3x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 118.193.39.117

rtsp_options9 rtsp_describe9 https_path_root5 docker_get_method4 ftp_set_utf83 ftp_user_probe3 http_method_get3 ftp_help_request3 ftp_session_quit3 ftp_set_binary_mode3 ftp_password_attempt3 ftp_system_type_request3 ftp_feature_list_request3 ftp_enter_extended_passive_mode3 ftp_machine_list_directory2 imap_logout1 http_path_bad_request1 imap_capability_probe1

$ sikker related 118.193.39.117

🇭🇰·More threats fromHong Kong→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→RTSP·More threats targetingRTSP→FTP·More threats targetingFTP→SIP·More threats targetingSIP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
101.36.108.178	98%	671
152.32.213.168	99%	459
165.154.36.71	100%	966
101.36.127.212	100%	168
45.194.70.254	77%	161

IP Address	Confidence	Events
43.99.2.206	83%	1,348
83.229.127.217	99%	337
43.154.233.209	97%	46
172.110.223.44	99%	36,516
103.144.2.208	100%	512