Check an IP Address, Domain Name, Subnet, or ASN

165.154.120.13 was found in our database!

$ whois 165.154.120.13

country·🇹🇭 Thailand

city·Bangkok

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.120.13scoring →

confidence

84%Very High

first_seen·Jan 28, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·9d ago

sessions·128

events·186

reports·1

$ sikker protocols 165.154.120.13

HTTPS

85 / 121

SIP

21 / 32

HTTP

8 / 19 / 1r

MSSQL

6 / 6

FTP

3 / 3

RTSP

3 / 3

SMTP

2 / 2

$ sikker summary 165.154.120.13

165.154.120.13 has a threat confidence score of 84%. This IP address from Thailand (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 128 honeypot sessions and reported 1 times targeting HTTPS, SIP, HTTP, MSSQL, FTP and 2 other protocols. First observed on January 28, 2026, most recently active March 23, 2026.

$ sikker behaviors 165.154.120.13catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.120.13

https_path_root4 ftp_set_utf81 rtsp_options1 rtsp_describe1 ftp_user_probe1 http_method_get1 ftp_help_request1 ftp_session_quit1 smtp_ehlo_greeting1 ftp_set_binary_mode1 ftp_password_attempt1 http_path_bad_request1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker reports 165.154.120.13submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 14, 2026, 16:44	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 165.154.120.13

🇹🇭·More threats fromThailand→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→MSSQ·More threats targetingMSSQL→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.36.102	69%	69
165.154.22.216	94%	53
103.72.147.77	98%	58
165.154.24.138	93%	32
152.32.189.137	95%	396

IP Address	Confidence	Events
58.11.72.87	99%	43
1.4.193.25	44%	6
112.121.151.84	89%	13,290
47.87.70.243	89%	75
43.173.249.23	96%	2,309