Check an IP Address, Domain Name, Subnet, or ASN

118.193.73.8 was found in our database!

$ whois 118.193.73.8

country·🇵🇭 Philippines

city·Manila

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.193.73.8scoring →

confidence

94%Very High

first_seen·Jan 30, 2026

last_seen·2h ago

sessions·378

events·627

$ sikker protocols 118.193.73.8

SMTP

125 / 337

HTTPS

98 / 120

SMB

38 / 38

SSH

20 / 31

HTTP

31 / 31

MSSQL

29 / 29

IMAP

14 / 14

TELNET

8 / 12

SIP

7 / 7

FTP

5 / 5

DOCKER

2 / 2

ELASTICSEARCH

1 / 1

$ sikker summary 118.193.73.8

118.193.73.8 has a threat confidence score of 94%. This IP address from Philippines (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 378 honeypot sessions targeting SMTP, HTTPS, SMB, SSH, HTTP and 7 other protocols. First observed on January 30, 2026, most recently active March 22, 2026.

$ sikker behaviors 118.193.73.8catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoHttp Root Path Request20x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 118.193.73.8

http_method_get26 elastic_root_path_probe22 ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 docker_get_method15 smtp_ehlo_greeting14 elastic_http_get_request9 smtp_starttls_upgrade_request8 https_path_root5 http_path_config_json4 https_path_config_json4 smb_root_read2 ftp_user_probe2 empty_ftp_command2 smb_srvsvc_rpc_bind2 http_path_bad_request2 docker_bad_request_uri2 elastic_cat_indices_enumeration2

$ sikker related 118.193.73.8

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.36.63	69%	273
45.43.37.254	100%	978
36.255.223.98	97%	426
165.154.129.43	76%	154
101.36.127.24	69%	161

IP Address	Confidence	Events
14.1.64.14	56%	21
122.54.191.165	21%	34
161.49.89.39	100%	1,017
165.154.32.235	91%	361
61.245.11.236	100%	492