Check an IP Address, Domain Name, Subnet, or ASN

165.154.172.244 was found in our database!

$ whois 165.154.172.244

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.172.244scoring →

confidence

77%High

first_seen·Jan 29, 2026

last_seen·1h ago

sessions·141

events·169

$ sikker protocols 165.154.172.244

HTTPS

34 / 52

MSSQL

49 / 49

HTTP

16 / 16

IMAP

6 / 10

RDP

9 / 9

RTSP

3 / 9

SIP

5 / 5

SMB

5 / 5

POSTGRES

5 / 5

FTP

3 / 3

SSH

3 / 3

SMTP

2 / 2

DOCKER

1 / 1

$ sikker summary 165.154.172.244

165.154.172.244 has a threat confidence score of 77%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 141 honeypot sessions targeting HTTPS, MSSQL, HTTP, IMAP, RDP and 8 other protocols. First observed on January 29, 2026, most recently active April 15, 2026.

$ sikker behaviors 165.154.172.244catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Http Method Get1x

HTTP request using GET method.

$ sikker primitives 165.154.172.244

http_method_get6 docker_get_method3 https_path_root2 ftp_session_quit2 http_path_bad_request2 docker_bad_request_uri2 imap_logout1 ftp_set_utf81 rtsp_options1 rtsp_describe1 ftp_user_probe1 ftp_help_request1 smtp_ehlo_greeting1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker related 165.154.172.244

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.216.180	96%	1,774
152.32.247.233	96%	3,235
118.193.56.172	93%	413
45.43.63.34	96%	3,884
103.14.35.222	93%	542

IP Address	Confidence	Events
161.35.62.246	70%	154
45.76.28.232	80%	2,062
181.215.65.29	77%	243
173.239.211.241	83%	780
43.135.130.202	51%	55