Check an IP Address, Domain Name, Subnet, or ASN

165.154.164.79 was found in our database!

$ whois 165.154.164.79

country·🇩🇪 Germany

city·Frankfurt am Main

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.164.79scoring →

confidence

93%Very High

first_seen·Jan 30, 2026

last_seen·1h ago

sessions·284

events·452

$ sikker protocols 165.154.164.79

SMTP

95 / 248

SMB

56 / 56

IMAP

39 / 39

HTTP

12 / 25

HTTPS

19 / 19

MSSQL

17 / 17

SSH

11 / 11

FTP

10 / 10

MONGODB

9 / 9

TELNET

8 / 8

POSTGRES

4 / 4

MYSQL

1 / 3

DOCKER

2 / 2

ELASTICSEARCH

1 / 1

$ sikker summary 165.154.164.79

165.154.164.79 has a threat confidence score of 93%. This IP address from Germany (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 284 honeypot sessions targeting SMTP, SMB, IMAP, HTTP, HTTPS and 9 other protocols. First observed on January 30, 2026, most recently active April 21, 2026.

$ sikker behaviors 165.154.164.79catalog →

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Fetch Robots Txt1x

HTTP GET request to /robots.txt.

infoHttps Path Robots Txt1x

HTTPS request to /robots.txt.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 165.154.164.79

ftp_set_ascii_mode22 ftp_enter_passive_mode22 ftp_list_directory21 ftp_change_working_directory20 elastic_root_path_probe16 docker_get_method15 smtp_ehlo_greeting13 elastic_http_get_request9 smtp_starttls_upgrade_request7 smb_root_read4 ftp_user_probe4 empty_ftp_command4 smb_srvsvc_rpc_bind4 smb_rpc_srvsvc_interface_access4 ftp_auth_tls2 ftp_help_request2 smb_samr_rpc_bind2 ftp_password_attempt2 smb_ipc_share_access2 smb_srvsvc_pipe_open2

$ sikker related 165.154.164.79

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.59.118	97%	750
152.32.226.203	97%	547
165.154.182.221	89%	1,833
118.26.36.248	100%	702
123.58.212.9	96%	7,417

IP Address	Confidence	Events
217.216.108.129	88%	4,394
165.154.164.92	98%	913
158.173.154.150	82%	2,666
216.24.213.226	87%	17,566
185.132.53.158	80%	270