Check an IP Address, Domain Name, Subnet, or ASN

165.154.12.127 was found in our database!

$ whois 165.154.12.127

country·🇦🇪 United Arab Emirates

city·Dubai

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.12.127scoring →

confidence

90%Very High

first_seen·Jan 30, 2026

last_seen·2h ago

sessions·227

events·334

$ sikker protocols 165.154.12.127

FTP

15 / 122

SMB

48 / 48

HTTPS

40 / 40

IMAP

31 / 31

SMTP

28 / 28

SIP

22 / 22

SSH

12 / 12

MSSQL

11 / 11

REDIS

9 / 9

HTTP

7 / 7

TELNET

4 / 4

$ sikker summary 165.154.12.127

165.154.12.127 has a threat confidence score of 90%. This IP address from United Arab Emirates (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 227 honeypot sessions targeting FTP, SMB, HTTPS, IMAP, SMTP and 6 other protocols. First observed on January 30, 2026, most recently active March 22, 2026.

$ sikker behaviors 165.154.12.127catalog →

mediumFtp Financial Partner Directory Enumeration2x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 165.154.12.127

ftp_list_directory42 ftp_set_ascii_mode42 ftp_enter_passive_mode42 ftp_change_working_directory40 empty_ftp_command6 http_method_get5 ftp_control_channel_binary_payload5 ftp_user_probe4 ftp_auth_tls2 https_path_root2 ftp_help_request2 smtp_ehlo_greeting2 ftp_password_attempt2 https_path_config_json2 ftp_change_directory_etc2 ftp_feature_list_request2 ftp_change_directory_data2 ftp_change_directory_backups2 ftp_change_directory_configs2 ftp_change_directory_data_hr2

$ sikker related 165.154.12.127

Report IP WHOIS Lookup →

IP Address	Confidence	Events
123.58.212.9	97%	3,607
118.193.33.71	79%	9
101.36.97.131	78%	226
152.32.225.108	73%	108
45.43.63.34	96%	1,425

IP Address	Confidence	Events
92.99.195.230	99%	80
31.57.216.224	71%	56
152.32.181.108	96%	795
158.252.108.242	47%	49
31.56.208.84	74%	266