Check an IP Address, Domain Name, Subnet, or ASN

165.154.164.92 was found in our database!

$ whois 165.154.164.92

country·🇩🇪 Germany

city·Frankfurt am Main

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.164.92scoring →

confidence

98%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 12, 2026

last_reported·Mar 12, 2026

sessions·392

events·928

reports·1

$ sikker protocols 165.154.164.92

FTP

40 / 481

SMTP

127 / 195

SIP

71 / 71

HTTPS

56 / 56

SSH

27 / 35

IMAP

31 / 31

REDIS

8 / 26

SMB

15 / 15 / 1r

TELNET

8 / 8

POSTGRES

4 / 5

RTSP

3 / 3

ELASTICSEARCH

2 / 2

$ sikker summary 165.154.164.92

165.154.164.92 has a threat confidence score of 98%. This IP address from Germany (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 392 honeypot sessions and reported 1 times targeting FTP, SMTP, SIP, HTTPS, SSH and 7 other protocols. First observed on January 20, 2026, most recently active April 21, 2026.

$ sikker behaviors 165.154.164.92catalog →

mediumSip Request Uri Sip Nm2x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowFtp Control Channel Protocol Anomaly4x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttps Path Robots Txt2x

HTTPS request to /robots.txt.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 165.154.164.92

elastic_root_path_probe50 empty_ftp_command22 ftp_set_ascii_mode22 ftp_enter_passive_mode22 ftp_list_directory21 ftp_change_working_directory20 smb_c_share_access19 elastic_http_get_request18 ftp_control_channel_binary_payload18 smb_root_read8 smtp_ehlo_greeting7 smtp_starttls_upgrade_request7 sip_request_uri_sip_nm4 elastic_cat_indices_enumeration4 ftp_user_probe3 smb_wildcard_match3 ftp_help_request2 smb_srvsvc_rpc_bind2 ftp_password_attempt2 https_path_robots_txt2

$ sikker reports 165.154.164.92submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 12, 2026, 09:18	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 165.154.164.92

Report IP WHOIS Lookup →

IP Address	Confidence	Events
123.58.209.112	99%	1,423
118.193.47.81	94%	492
152.32.129.110	98%	719
103.72.147.77	100%	257
123.58.212.9	96%	7,432

IP Address	Confidence	Events
217.216.108.129	88%	4,480
178.105.2.151	56%	1
85.190.240.128	97%	46
45.65.112.108	86%	5,537
43.157.1.84	95%	3,239