Check an IP Address, Domain Name, Subnet, or ASN

123.58.207.151 was found in our database!

$ whois 123.58.207.151

country·🇬🇧 United Kingdom

city·City of London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 123.58.207.151scoring →

confidence

92%Very High

first_seen·Feb 3, 2026

last_seen·1h ago

sessions·569

events·965

$ sikker protocols 123.58.207.151

HTTPS

266 / 567

SIP

72 / 98

SMTP

49 / 80

FTP

65 / 65

IMAP

41 / 63

HTTP

14 / 26

MSSQL

22 / 22

TELNET

12 / 16

SMB

14 / 14

RDP

8 / 8

POSTGRES

4 / 4

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 123.58.207.151

123.58.207.151 has a threat confidence score of 92%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 569 honeypot sessions targeting HTTPS, SIP, SMTP, FTP, IMAP and 8 other protocols. First observed on February 3, 2026, most recently active March 22, 2026.

$ sikker behaviors 123.58.207.151catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

lowFtp Control Channel Protocol Anomaly10x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 123.58.207.151

ftp_control_channel_binary_payload42 empty_ftp_command20 elastic_root_path_probe13 elastic_http_get_request9 http_method_get7 docker_get_method6 https_path_root4 smtp_ehlo_greeting3 smb_root_read2 smb_srvsvc_rpc_bind2 http_path_bad_request2 elastic_cat_indices_enumeration2 smb_samr_rpc_bind1 smb_ipc_share_access1 smb_srvsvc_pipe_open1 http_path_config_json1 docker_bad_request_uri1 https_path_config_json1 smtp_starttls_upgrade_request1 elastic_http_favicon_path_probe1

$ sikker related 123.58.207.151

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.58.125	99%	671
165.154.24.138	66%	4
152.32.245.27	62%	153
152.32.186.86	61%	3
104.218.164.117	87%	1,111

IP Address	Confidence	Events
159.65.22.24	92%	22
185.247.137.150	91%	431
51.89.235.201	89%	55,487
87.236.176.68	90%	427
94.72.102.118	95%	881