Check an IP Address, Domain Name, Subnet, or ASN

165.154.11.225 was found in our database!

$ whois 165.154.11.225

country·🇳🇬 Nigeria

city·Lagos

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.11.225scoring →

confidence

71%High

first_seen·Jan 30, 2026

last_seen·1h ago

sessions·49

events·78

$ sikker protocols 165.154.11.225

SIP

14 / 36

HTTP

8 / 12

SSH

6 / 9

FTP

6 / 6

SMB

5 / 5

POSTGRES

5 / 5

RTSP

3 / 3

IMAP

2 / 2

$ sikker summary 165.154.11.225

165.154.11.225 has a threat confidence score of 71%. This IP address from Nigeria (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 49 honeypot sessions targeting SIP, HTTP, SSH, FTP, SMB and 3 other protocols. First observed on January 30, 2026, most recently active March 23, 2026.

$ sikker behaviors 165.154.11.225catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 165.154.11.225

http_method_get3 ftp_session_quit3 ftp_set_utf82 ftp_user_probe2 ftp_help_request2 ftp_set_binary_mode2 ftp_password_attempt2 http_path_bad_request2 ftp_system_type_request2 ftp_feature_list_request2 ftp_machine_list_directory2 ftp_enter_extended_passive_mode2 rtsp_options1 rtsp_describe1

$ sikker related 165.154.11.225

🇳🇬·More threats fromNigeria→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→FTP·More threats targetingFTP→SMB·More threats targetingSMB→POST·More threats targetingPOSTGRES→RTSP·More threats targetingRTSP→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.2.235	97%	3,878
101.36.106.113	100%	1,020
103.210.21.242	100%	975
118.193.36.72	75%	3
165.154.4.51	96%	1,558

IP Address	Confidence	Events
102.91.103.225	18%	6
102.90.102.58	35%	3
102.221.238.110	27%	97
197.211.59.67	44%	6
102.91.71.116	44%	6