Check an IP Address, Domain Name, Subnet, or ASN

123.58.207.81 was found in our database!

$ whois 123.58.207.81

country·🇬🇧 United Kingdom

city·City of London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 123.58.207.81scoring →

confidence

87%Very High

first_seen·Jan 26, 2026

last_seen·1h ago

first_reported·Mar 22, 2026

last_reported·2d ago

sessions·97

events·159

reports·1

$ sikker protocols 123.58.207.81

HTTPS

68 / 123

HTTP

4 / 11

FTP

6 / 6 / 1r

RTSP

6 / 6

SMB

5 / 5

MONGODB

4 / 4

IMAP

2 / 2

SMTP

2 / 2

$ sikker summary 123.58.207.81

123.58.207.81 has a threat confidence score of 87%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 97 honeypot sessions and reported 1 times targeting HTTPS, HTTP, FTP, RTSP, SMB and 3 other protocols. First observed on January 26, 2026, most recently active March 24, 2026.

$ sikker behaviors 123.58.207.81catalog →

lowRtsp Stream Enumeration2x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoMongodb Buildinfo Fingerprinting1x

Client issues the MongoDB buildInfo command to retrieve detailed server version and build metadata, enabling software fingerprinting and environment profiling. This behavior reflects early-stage reconnaissance commonly performed by automated scanners, vulnerability assessment tooling, or exploitation frameworks to identify MongoDB deployment characteristics and determine suitability for subsequent enumeration or attack activity.

$ sikker primitives 123.58.207.81

ftp_set_utf82 rtsp_options2 rtsp_describe2 ftp_user_probe2 https_path_root2 ftp_help_request2 ftp_session_quit2 ftp_set_binary_mode2 ftp_password_attempt2 ftp_system_type_request2 ftp_feature_list_request2 ftp_machine_list_directory2 ftp_enter_extended_passive_mode2 http_method_get1 smtp_ehlo_greeting1 http_path_bad_request1 mongodb_buildinfo_command1 mongodb_serverstatus_float_command1

$ sikker reports 123.58.207.81submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 02:09	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 123.58.207.81

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→SMB·More threats targetingSMB→MONG·More threats targetingMONGODB→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
123.58.212.9	97%	3,783
165.154.24.138	94%	64
165.154.36.71	100%	1,002
165.154.2.235	97%	4,006
45.249.246.120	100%	198

IP Address	Confidence	Events
185.247.137.73	92%	440
185.247.137.55	85%	452
87.236.176.252	91%	450
87.236.176.238	94%	513
194.213.3.5	96%	3,671