Check an IP Address, Domain Name, Subnet, or ASN

165.154.138.107 was found in our database!

$ whois 165.154.138.107

country·🇩🇪 Germany

city·Frankfurt am Main

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.138.107scoring →

confidence

91%Very High

first_seen·Jan 31, 2026

last_seen·1h ago

sessions·268

events·317

$ sikker protocols 165.154.138.107

HTTP

84 / 84

HTTPS

52 / 52

SMTP

37 / 37

FTP

10 / 36

REDIS

8 / 27

SMB

24 / 24

SIP

21 / 21

SSH

8 / 12

MSSQL

12 / 12

RDP

8 / 8

RTSP

3 / 3

DOCKER

1 / 1

$ sikker summary 165.154.138.107

165.154.138.107 has a threat confidence score of 91%. This IP address from Germany (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 268 honeypot sessions targeting HTTP, HTTPS, SMTP, FTP, REDIS and 7 other protocols. First observed on January 31, 2026, most recently active March 22, 2026.

$ sikker behaviors 165.154.138.107catalog →

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request48x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.138.107

http_method_get63 ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 http_path_config_json10 docker_get_method9 http_path_bad_request5 ftp_control_channel_binary_payload5 empty_ftp_command4 https_path_root3 https_path_config_json3 ftp_user_probe2 smtp_ehlo_greeting2 ftp_auth_tls1 ftp_help_request1 ftp_password_attempt1 docker_bad_request_uri1 ftp_change_directory_etc1 ftp_feature_list_request1

$ sikker related 165.154.138.107

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.36.63	69%	273
45.43.37.254	100%	978
36.255.223.98	97%	426
165.154.129.43	76%	154
101.36.127.24	69%	161

IP Address	Confidence	Events
87.106.147.36	99%	196,310
104.194.158.45	90%	1,024
165.22.84.8	100%	584
152.53.191.128	83%	54,624
89.163.204.62	88%	78,965