Check an IP Address, Domain Name, Subnet, or ASN

165.154.135.161 was found in our database!

$ whois 165.154.135.161

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.135.161scoring →

confidence

85%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·167

events·205

$ sikker protocols 165.154.135.161

HTTPS

85 / 103

SIP

11 / 22

SMTP

18 / 18

SSH

9 / 12

RTSP

6 / 12

IMAP

10 / 10

HTTP

8 / 8

MSSQL

6 / 6

REDIS

6 / 6

SMB

5 / 5

FTP

3 / 3

$ sikker summary 165.154.135.161

165.154.135.161 has a threat confidence score of 85%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 167 honeypot sessions targeting HTTPS, SIP, SMTP, SSH, RTSP and 6 other protocols. First observed on January 22, 2026, most recently active May 1, 2026.

$ sikker behaviors 165.154.135.161catalog →

lowRtsp Stream Enumeration2x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 165.154.135.161

rtsp_options5 rtsp_describe5 https_path_root5 http_method_get4 http_path_bad_request3 smtp_ehlo_greeting2 redis_info_lowercase2 smtp_quit_session_termination2 imap_logout1 ftp_set_utf81 ftp_user_probe1 ftp_help_request1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 sip_request_uri_sip_nm1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker related 165.154.135.161

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.120.211	93%	900
152.32.135.81	86%	342
152.32.207.124	77%	317
165.154.36.71	100%	1,212
123.58.200.167	95%	975

IP Address	Confidence	Events
45.148.9.8	97%	1,710
34.123.42.157	95%	4,092
24.45.250.145	94%	1,297
184.105.247.252	100%	3,556
65.49.1.234	76%	190