Check an IP Address, Domain Name, Subnet, or ASN

118.194.251.246 was found in our database!

$ whois 118.194.251.246

country·🇹🇭 Thailand

city·Bangkok

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.194.251.246scoring →

confidence

92%Very High

first_seen·Jan 31, 2026

last_seen·1h ago

sessions·327

events·416

$ sikker protocols 118.194.251.246

HTTPS

113 / 137

SMTP

50 / 80

IMAP

30 / 64

MSSQL

31 / 31

SMB

25 / 25

SIP

22 / 22

FTP

10 / 10

REDIS

9 / 9

MONGODB

9 / 9

SSH

8 / 8

HTTP

7 / 7

POSTGRES

4 / 5

RDP

4 / 4

RTSP

3 / 3

MYSQL

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 118.194.251.246

118.194.251.246 has a threat confidence score of 92%. This IP address from Thailand (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 327 honeypot sessions targeting HTTPS, SMTP, IMAP, MSSQL, SMB and 11 other protocols. First observed on January 31, 2026, most recently active March 27, 2026.

$ sikker behaviors 118.194.251.246catalog →

mediumFtp Financial Partner Directory Enumeration2x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 118.194.251.246

ftp_list_directory42 ftp_set_ascii_mode42 ftp_enter_passive_mode42 ftp_change_working_directory40 elastic_root_path_probe19 elastic_http_get_request9 https_path_root6 http_method_get5 ftp_user_probe4 https_path_config_json4 empty_ftp_command3 smtp_ehlo_greeting3 ftp_auth_tls2 ftp_help_request2 ftp_password_attempt2 ftp_change_directory_etc2 ftp_feature_list_request2 ftp_change_directory_data2 ftp_change_directory_backups2 ftp_change_directory_configs2

$ sikker related 118.194.251.246

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.33.81	100%	318
165.154.120.77	93%	33
152.32.253.205	100%	944
152.32.131.112	100%	200
107.155.48.46	93%	42

IP Address	Confidence	Events
49.228.246.103	97%	8
110.77.170.208	53%	13
125.24.133.234	35%	3
101.51.231.70	23%	1
49.228.96.53	35%	3