Check an IP Address, Domain Name, Subnet, or ASN

165.154.128.199 was found in our database!

$ whois 165.154.128.199

country·🇬🇧 United Kingdom

city·City of London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.128.199scoring →

confidence

80%Very High

first_seen·Feb 3, 2026

last_seen·1h ago

first_reported·Mar 20, 2026

last_reported·12d ago

sessions·129

events·248

reports·2

$ sikker protocols 165.154.128.199

SMTP

15 / 83

IMAP

15 / 38

MONGODB

17 / 26 / 1r

REDIS

8 / 26

HTTPS

19 / 19

SMB

12 / 12

SSH

12 / 12

POSTGRES

8 / 9 / 1r

RDP

8 / 8

HTTP

7 / 7

TELNET

4 / 4

RTSP

3 / 3

ELASTICSEARCH

1 / 1

$ sikker summary 165.154.128.199

165.154.128.199 has a threat confidence score of 80%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 129 honeypot sessions and reported 2 times targeting SMTP, IMAP, MONGODB, REDIS, HTTPS and 8 other protocols. First observed on February 3, 2026, most recently active April 2, 2026.

$ sikker behaviors 165.154.128.199catalog →

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 165.154.128.199

elastic_root_path_probe31 elastic_http_get_request9 smtp_ehlo_greeting5 mongodb_serverstatus3 smtp_starttls_upgrade_request3 elastic_cat_indices_enumeration2 http_method_get1 https_path_root1 http_path_bad_request1 https_path_config_json1 elastic_http_favicon_path_probe1 mongodb_serverstatus_float_command1 elastic_http_bad_request_path_probe1 redis_command_http_host_header_port_63791

$ sikker reports 165.154.128.199submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 19:14	Brute Force	MONGODB	SikkerGuard: 2 blocked packets
User	Mar 20, 2026, 13:55	Brute Force	POSTGRES	SikkerGuard: 2 blocked packets

$ sikker related 165.154.128.199

Report IP WHOIS Lookup →

IP Address	Confidence	Events
128.1.132.137	100%	846
101.36.122.186	100%	264
152.32.129.17	100%	290
152.32.131.112	100%	254
165.154.6.66	100%	185

IP Address	Confidence	Events
193.181.46.33	98%	5,336
2.58.203.191	94%	76
87.236.176.152	88%	494
193.104.222.131	99%	21,965
158.220.86.73	95%	1,708