118.193.65.209 — UCLOUD INFORMATION TECHNOLOGY HK LIMITED, GB — Very High (90%)

Check an IP Address, Domain Name, Subnet, or ASN

118.193.65.209 was found in our database!

Confidence Level

90%

Very High?

Geolocation

🇬🇧

United KingdomCity of London

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASNAS135377

Activity Timeline

First seenJan 30, 2026, 10:44 AM

Last seen8d ago

341Sessions

1,330Events

Protocol Breakdown

SMTP

210 / 1182

HTTP

84 / 84

SSH

16 / 24

MONGODB

8 / 17

MSSQL

11 / 11

SIP

7 / 7

FTP

5 / 5

118.193.65.209 has a very high threat confidence level of 90%, originating from City of London, United Kingdom, on the UCLOUD INFORMATION TECHNOLOGY HK LIMITED network (135377). It has been observed across 341 sessions targeting SMTP, HTTP, SSH, MONGODB, MSSQL and 2 other protocols, First observed on January 30, 2026, most recently active February 22, 2026.

Behaviors

Classified behavioral patterns observed

Ftp Financial Partner Directory Enumeration

medium1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

Http Root Path Request

info4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Mongodb Serverstatus Discovery

info1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

Primitives

Individual actions observed

Ftp List Directory21 Ftp Set Ascii Mode21 Ftp Enter Passive Mode21 Ftp Change Working Directory20 Smtp Ehlo Greeting17 Smtp Starttls Upgrade Request16 Http Method Get4 Mongodb Serverstatus3 Ftp User Probe2 Empty Ftp Command2 Ftp Auth Tls1 Ftp Help Request1 Ftp Password Attempt1 Ftp Change Directory Etc1 Ftp Feature List Request1 Ftp Change Directory Data1 Ftp Change Directory Backups1 Ftp Change Directory Configs1 Ftp Change Directory Data Hr1 Ftp Change Directory Partners1

Related Threats

Explore related threat intelligence

🇬🇧More threats fromUnited Kingdom ASMore threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED SMTPMore threats targetingSMTP HTTPMore threats targetingHTTP SSHMore threats targetingSSH MONGODBMore threats targetingMONGODB MSSQLMore threats targetingMSSQL SIPMore threats targetingSIP FTPMore threats targetingFTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
118.194.231.208	100%	659
118.194.234.14	91%	780
152.32.218.149	100%	567
101.36.109.176	100%	747
101.36.113.241	100%	783

IP Address	Confidence	Events
64.89.163.137	93%	3,221
159.65.25.131	99%	184
78.153.140.39	100%	1,934
185.247.137.137	87%	279
78.153.140.93	100%	2,137