Check an IP Address, Domain Name, Subnet, or ASN

165.154.118.215 was found in our database!

$ whois 165.154.118.215

country·🇹🇭 Thailand

city·Bangkok

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.118.215scoring →

confidence

85%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·438

events·877

$ sikker protocols 165.154.118.215

SMTP

178 / 594

HTTP

112 / 124

SSH

32 / 32

SIP

27 / 27

SMB

26 / 26

HTTPS

19 / 19

TELNET

8 / 16

POSTGRES

12 / 15

MSSQL

12 / 12

REDIS

9 / 9

MYSQL

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 165.154.118.215

165.154.118.215 has a threat confidence score of 85%. This IP address from Thailand (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 438 honeypot sessions targeting SMTP, HTTP, SSH, SIP, SMB and 8 other protocols. First observed on January 22, 2026, most recently active April 24, 2026.

$ sikker behaviors 165.154.118.215catalog →

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Fetch Robots Txt4x

HTTP GET request to /robots.txt.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Path Robots Txt1x

HTTPS request to /robots.txt.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 165.154.118.215

smtp_ehlo_greeting35 smtp_starttls_upgrade_request22 smb_c_share_access19 elastic_root_path_probe13 docker_get_method9 elastic_http_get_request9 smb_root_read8 http_method_get4 http_robots_txt_path_probe4 smb_wildcard_match3 smb_srvsvc_rpc_bind2 sip_request_uri_sip_nm2 elastic_cat_indices_enumeration2 smb_rpc_srvsvc_interface_access2 smb_samr_rpc_bind1 mysql_show_databases1 redis_info_lowercase1 smb_ipc_share_access1 smb_srvsvc_pipe_open1 https_path_robots_txt1

$ sikker related 165.154.118.215

Report IP WHOIS Lookup →

IP Address	Confidence	Events
123.58.200.244	95%	355
165.154.120.211	93%	737
36.255.220.44	100%	266
107.155.48.46	96%	96
152.32.209.116	93%	477

IP Address	Confidence	Events
165.101.64.90	95%	3,228
152.32.247.233	96%	5,983
165.154.120.77	94%	1,086
113.53.152.184	42%	5
165.154.120.211	93%	737