Check an IP Address, Domain Name, Subnet, or ASN

165.154.134.156 was found in our database!

$ whois 165.154.134.156

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.134.156scoring →

confidence

70%High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·53

events·86

$ sikker protocols 165.154.134.156

FTP

12 / 28

HTTPS

17 / 17

IMAP

6 / 16

HTTP

4 / 11

RDP

9 / 9

SSH

3 / 3

SMTP

2 / 2

$ sikker summary 165.154.134.156

165.154.134.156 has a threat confidence score of 70%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 53 honeypot sessions targeting FTP, HTTPS, IMAP, HTTP, RDP and 2 other protocols. First observed on January 20, 2026, most recently active March 24, 2026.

$ sikker behaviors 165.154.134.156catalog →

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 165.154.134.156

ftp_set_utf84 ftp_user_probe4 ftp_session_quit4 ftp_set_binary_mode4 ftp_password_attempt4 ftp_feature_list_request4 ftp_enter_extended_passive_mode4 ftp_help_request3 ftp_system_type_request3 ftp_machine_list_directory3 imap_logout1 http_method_get1 https_path_root1 smtp_ehlo_greeting1 http_path_bad_request1 imap_capability_probe1 https_path_bad_request1

$ sikker related 165.154.134.156

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→FTP·More threats targetingFTP→HTTP·More threats targetingHTTPS→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→SSH·More threats targetingSSH→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.160.252	84%	884
165.154.1.39	96%	1,457
165.154.11.172	97%	728
123.58.212.9	97%	3,791
101.36.112.235	100%	582

IP Address	Confidence	Events
92.118.39.62	100%	376,723
198.235.24.153	86%	225
96.0.160.144	87%	24,242
172.68.174.93	5%	2
198.235.24.80	96%	316