Check an IP Address, Domain Name, Subnet, or ASN

165.154.11.210 was found in our database!

$ whois 165.154.11.210

country·🇳🇬 Nigeria

city·Lagos

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.11.210scoring →

confidence

95%Very High

first_seen·Mar 24, 2026

last_seen·2h ago

sessions·185

events·185

$ sikker protocols 165.154.11.210

SIP

72 / 72

SMTP

30 / 30

HTTP

21 / 21

HTTPS

19 / 19

RTSP

9 / 9

MONGODB

9 / 9

RDP

8 / 8

SSH

8 / 8

FTP

5 / 5

POSTGRES

4 / 4

$ sikker summary 165.154.11.210

165.154.11.210 has a threat confidence score of 95%. This IP address from Nigeria (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 185 honeypot sessions targeting SIP, SMTP, HTTP, HTTPS, RTSP and 5 other protocols. First observed on March 24, 2026, most recently active April 26, 2026.

$ sikker behaviors 165.154.11.210catalog →

mediumSip Request Uri Sip Nm6x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

infoHttp Http Method Get9x

HTTP request using GET method.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Fetch Robots Txt3x

HTTP GET request to /robots.txt.

infoHttps Path Robots Txt1x

HTTPS request to /robots.txt.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.11.210

http_method_get17 sip_request_uri_sip_nm6 http_path_config_json3 http_robots_txt_path_probe3 ftp_user_probe2 empty_ftp_command2 smtp_ehlo_greeting2 http_path_bad_request2 smtp_starttls_upgrade_request2 ftp_control_channel_binary_payload2 ftp_auth_tls1 https_path_root1 ftp_help_request1 ftp_set_ascii_mode1 ftp_password_attempt1 https_path_robots_txt1 ftp_enter_passive_mode1 https_path_config_json1 ftp_feature_list_request1 https_favicon_ico_request1

$ sikker related 165.154.11.210

🇳🇬·More threats fromNigeria→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→SIP·More threats targetingSIP→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→RTSP·More threats targetingRTSP→MONG·More threats targetingMONGODB→RDP·More threats targetingRDP→SSH·More threats targetingSSH→FTP·More threats targetingFTP→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.210.21.35	92%	665
123.58.200.167	96%	696
118.193.56.172	94%	831
118.193.64.235	78%	213
123.58.212.9	96%	8,198

IP Address	Confidence	Events
102.88.137.145	100%	1,053
102.88.137.80	100%	3,747
102.88.137.213	100%	3,021
152.32.140.22	92%	190
102.90.42.160	39%	4