Check an IP Address, Domain Name, Subnet, or ASN

118.194.236.142 was found in our database!

$ whois 118.194.236.142

country·🇯🇵 Japan

city·Tokyo

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.194.236.142scoring →

confidence

90%Very High

first_seen·Feb 4, 2026

last_seen·2h ago

first_reported·Mar 13, 2026

last_reported·14d ago

sessions·252

events·373

reports·1

$ sikker protocols 118.194.236.142

SMTP

61 / 126

IMAP

45 / 62

REDIS

25 / 43 / 1r

SIP

22 / 36

MONGODB

26 / 26

HTTP

23 / 23

HTTPS

19 / 19

SSH

12 / 16

RDP

12 / 12

MYSQL

2 / 5

POSTGRES

4 / 4

ELASTICSEARCH

1 / 1

$ sikker summary 118.194.236.142

118.194.236.142 has a threat confidence score of 90%. This IP address from Japan (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 252 honeypot sessions and reported 1 times targeting SMTP, IMAP, REDIS, SIP, MONGODB and 7 other protocols. First observed on February 4, 2026, most recently active March 27, 2026.

$ sikker behaviors 118.194.236.142catalog →

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 118.194.236.142

elastic_root_path_probe19 http_method_get15 elastic_http_get_request9 smtp_ehlo_greeting7 smtp_starttls_upgrade_request5 redis_info_lowercase3 http_path_bad_request3 mongodb_serverstatus_float_command3 http_path_config_json2 elastic_cat_indices_enumeration2 https_path_root1 mysql_show_databases1 https_path_config_json1 imap_command_authenticate1 elastic_http_favicon_path_probe1 elastic_http_bad_request_path_probe1 redis_command_http_host_header_port_63791

$ sikker reports 118.194.236.142submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 01:10	Brute Force	REDIS	SikkerGuard: 2 blocked packets

$ sikker related 118.194.236.142

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.33.81	100%	318
165.154.120.77	93%	33
152.32.253.205	100%	944
152.32.131.112	100%	200
107.155.48.46	93%	42

IP Address	Confidence	Events
150.246.249.149	99%	3,912
172.104.100.117	80%	2,823
109.123.229.247	78%	353
172.104.93.159	72%	1,032
43.133.220.37	50%	96