Check an IP Address, Domain Name, Subnet, or ASN

165.154.129.201 was found in our database!

$ whois 165.154.129.201

country·🇬🇧 United Kingdom

city·City of London

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.129.201scoring →

confidence

87%Very High

first_seen·Jan 24, 2026

last_seen·9d ago

sessions·225

events·261

$ sikker protocols 165.154.129.201

HTTPS

102 / 121

SIP

46 / 57

HTTP

28 / 28

SSH

24 / 24

SMB

10 / 10

RDP

9 / 9

RTSP

3 / 9

ELASTICSEARCH

2 / 2

TELNET

1 / 1

$ sikker summary 165.154.129.201

165.154.129.201 has a threat confidence score of 87%. This IP address from United Kingdom (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 225 honeypot sessions targeting HTTPS, SIP, HTTP, SSH, SMB and 4 other protocols. First observed on January 24, 2026, most recently active April 22, 2026.

$ sikker behaviors 165.154.129.201catalog →

mediumSip Request Uri Sip Nm2x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get3x

HTTP request using GET method.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.129.201

http_method_get7 https_path_root6 elastic_http_get_request6 rtsp_options4 rtsp_describe4 http_path_bad_request4 elastic_http_bad_request_path_probe4 sip_request_uri_sip_nm3 elastic_root_path_probe2 https_path_bad_request1

$ sikker related 165.154.129.201

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→SMB·More threats targetingSMB→RDP·More threats targetingRDP→RTSP·More threats targetingRTSP→ELAS·More threats targetingELASTICSEARCH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.43.215	94%	219
165.154.60.204	93%	306
123.58.200.244	95%	912
45.43.63.34	96%	5,725
152.32.172.108	63%	671

IP Address	Confidence	Events
74.0.32.57	100%	16,685
64.89.163.133	93%	4,263
185.114.224.14	69%	2
193.181.46.24	98%	1,029
193.104.222.3	99%	3,115