Check an IP Address, Domain Name, Subnet, or ASN

165.154.129.130 was found in our database!

$ whois 165.154.129.130

country·🇬🇧 United Kingdom

city·City of London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.129.130scoring →

confidence

84%Very High

first_seen·Feb 3, 2026

last_seen·1h ago

sessions·229

events·365

$ sikker protocols 165.154.129.130

FTP

5 / 111

HTTP

30 / 42

HTTPS

40 / 40

RTSP

39 / 39

SMTP

29 / 29

IMAP

13 / 28

SIP

14 / 14

RDP

12 / 12

SMB

12 / 12

MSSQL

11 / 11

REDIS

9 / 9

MONGODB

9 / 9

MYSQL

2 / 5

SSH

4 / 4

$ sikker summary 165.154.129.130

165.154.129.130 has a threat confidence score of 84%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 229 honeypot sessions targeting FTP, HTTP, HTTPS, RTSP, SMTP and 9 other protocols. First observed on February 3, 2026, most recently active March 22, 2026.

$ sikker behaviors 165.154.129.130catalog →

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request14x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.129.130

http_method_get19 ftp_control_channel_binary_payload4 http_path_config_json3 https_path_root2 empty_ftp_command2 smtp_ehlo_greeting2 http_path_bad_request2 smtp_starttls_upgrade_request2 mysql_show_databases1 redis_info_lowercase1 https_path_config_json1 imap_command_authenticate1 mongodb_serverstatus_float_command1 redis_command_http_host_header_port_63791

$ sikker related 165.154.129.130

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.141.154	87%	637
165.154.2.235	97%	3,767
152.32.128.212	96%	21
152.32.185.214	100%	1,074
152.32.131.112	100%	173

IP Address	Confidence	Events
51.89.235.201	89%	55,405
194.213.3.5	96%	3,221
172.69.224.201	5%	3
193.181.41.14	97%	5,199
185.247.137.110	92%	462