Check an IP Address, Domain Name, Subnet, or ASN

118.194.252.40 was found in our database!

$ whois 118.194.252.40

country·🇹🇼 Taiwan

city·Taipei

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 118.194.252.40scoring →

confidence

82%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Feb 27, 2026

last_reported·27d ago

sessions·16

events·30

reports·1

$ sikker protocols 118.194.252.40

FTP

3 / 10

HTTP

2 / 5 / 1r

RTSP

2 / 4

TELNET

2 / 3

SSH

2 / 2

MSSQL

2 / 2

POSTGRES

1 / 2

IMAP

1 / 1

HTTPS

1 / 1

$ sikker summary 118.194.252.40

118.194.252.40 has a threat confidence score of 82%. This IP address from Taiwan (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 16 honeypot sessions and reported 1 times targeting FTP, HTTP, RTSP, TELNET, SSH and 4 other protocols. First observed on January 21, 2026, most recently active March 26, 2026.

$ sikker behaviors 118.194.252.40catalog →

mediumRtsp Credentialed Options Probe2x

RTSP OPTIONS request containing embedded credentials in the URI (for example admin:password@host). Unlike standard discovery probes, this indicates an automated attempt to enumerate camera or media endpoints while testing known or default credentials. This pattern is commonly associated with IoT botnets and opportunistic scanners targeting exposed RTSP services rather than passive measurement traffic.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 118.194.252.40

rtsp_options4 rtsp_options_with_admin_credentials4 http_method_get1 https_path_root1

$ sikker reports 118.194.252.40submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 27, 2026, 09:26	Brute Force	HTTP	SikkerGuard: 6 blocked packets

$ sikker related 118.194.252.40

🇹🇼·More threats fromTaiwan→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→RTSP·More threats targetingRTSP→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→MSSQ·More threats targetingMSSQL→POST·More threats targetingPOSTGRES→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.129.220	81%	281
123.58.219.3	94%	18
152.32.132.215	100%	244
152.32.239.90	100%	986
101.36.106.162	100%	164

IP Address	Confidence	Events
213.209.159.66	84%	6,957
213.177.179.62	83%	6,739
60.244.155.70	100%	1,126
111.70.7.189	44%	189
118.168.101.42	35%	3