Check an IP Address, Domain Name, Subnet, or ASN

165.154.172.88 was found in our database!

$ whois 165.154.172.88

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.172.88scoring →

confidence

79%High

first_seen·Jan 22, 2026

last_seen·2d ago

sessions·149

events·235

$ sikker protocols 165.154.172.88

HTTPS

90 / 127

HTTP

46 / 91

IMAP

4 / 8

SIP

6 / 6

FTP

3 / 3

$ sikker summary 165.154.172.88

165.154.172.88 has a threat confidence score of 79%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 149 honeypot sessions targeting HTTPS, HTTP, IMAP, SIP, FTP protocols. First observed on January 22, 2026, most recently active March 20, 2026.

$ sikker behaviors 165.154.172.88catalog →

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Direct Bad Request Endpoint Access2x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 165.154.172.88

https_path_root7 http_method_get6 http_path_bad_request4 https_path_bad_request2 imap_logout1 ftp_set_utf81 ftp_user_probe1 ftp_help_request1 ftp_session_quit1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker related 165.154.172.88

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→SIP·More threats targetingSIP→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.194.70.254	76%	156
165.154.6.42	53%	2
23.91.96.70	100%	647
101.36.106.89	84%	243
45.249.246.120	100%	180

IP Address	Confidence	Events
185.218.138.20	97%	4,836
34.82.98.110	79%	6,156
216.180.246.80	86%	241
185.218.138.27	97%	4,938
68.68.101.178	93%	6,234