Check an IP Address, Domain Name, Subnet, or ASN

118.193.69.177 was found in our database!

$ whois 118.193.69.177

country·🇰🇷 South Korea

city·Seoul

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.193.69.177scoring →

confidence

88%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·315

events·628

$ sikker protocols 118.193.69.177

SMTP

108 / 321

HTTPS

76 / 100

HTTP

49 / 85

RTSP

15 / 31

FTP

10 / 24

SSH

12 / 12

SIP

11 / 11

MSSQL

11 / 11

MYSQL

3 / 9

REDIS

8 / 8

TELNET

4 / 8

RDP

4 / 4

ELASTICSEARCH

4 / 4

$ sikker summary 118.193.69.177

118.193.69.177 has a threat confidence score of 88%. This IP address from South Korea (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 315 honeypot sessions targeting SMTP, HTTPS, HTTP, RTSP, FTP and 8 other protocols. First observed on January 20, 2026, most recently active March 22, 2026.

$ sikker behaviors 118.193.69.177catalog →

lowMysql Schema Discovery Bot3x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request12x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 118.193.69.177

elastic_root_path_probe82 elastic_http_get_request36 http_method_get16 smtp_ehlo_greeting15 smtp_starttls_upgrade_request8 elastic_cat_indices_enumeration8 elastic_http_favicon_path_probe4 elastic_http_bad_request_path_probe4 https_path_root3 mysql_show_databases3 http_path_config_json3 ftp_control_channel_binary_payload3 empty_ftp_command2 https_path_config_json2 redis_info_lowercase1 http_path_bad_request1

$ sikker related 118.193.69.177

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.140.12	98%	513
152.32.192.241	37%	72
152.32.169.42	96%	411
45.43.63.34	96%	1,391
165.154.2.235	97%	3,748

IP Address	Confidence	Events
152.32.243.245	99%	911
118.128.157.134	97%	5,417
222.108.147.76	94%	31
43.155.182.126	96%	2,339
1.176.134.230	78%	94