Check an IP Address, Domain Name, Subnet, or ASN

165.154.173.35 was found in our database!

$ whois 165.154.173.35

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.173.35scoring →

confidence

80%Very High

first_seen·Jan 24, 2026

last_seen·1h ago

sessions·134

events·205

$ sikker protocols 165.154.173.35

HTTPS

51 / 69

MONGODB

47 / 47

FTP

9 / 39

HTTP

12 / 18

SSH

6 / 9

RTSP

3 / 9

IMAP

4 / 8

SMTP

2 / 6

$ sikker summary 165.154.173.35

165.154.173.35 has a threat confidence score of 80%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 134 honeypot sessions targeting HTTPS, MONGODB, FTP, HTTP, SSH and 3 other protocols. First observed on January 24, 2026, most recently active March 25, 2026.

$ sikker behaviors 165.154.173.35catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 165.154.173.35

rtsp_options4 rtsp_describe4 http_method_get4 ftp_set_utf83 ftp_user_probe3 https_path_root3 ftp_set_binary_mode3 ftp_password_attempt3 ftp_feature_list_request3 ftp_machine_list_directory3 ftp_enter_extended_passive_mode3 ftp_session_quit2 http_path_bad_request2 imap_logout1 ftp_help_request1 smtp_ehlo_greeting1 imap_capability_probe1 ftp_system_type_request1

$ sikker related 165.154.173.35

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.206.87	81%	176
128.14.225.164	100%	1,024
165.154.4.51	95%	1,607
152.32.247.233	92%	30
101.36.109.144	97%	696

IP Address	Confidence	Events
5.253.86.23	97%	6,086
98.89.204.118	81%	903
64.62.197.77	100%	1,563
64.62.197.92	100%	1,562
66.132.172.198	97%	56