Check an IP Address, Domain Name, Subnet, or ASN

165.154.182.154 was found in our database!

$ whois 165.154.182.154

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.182.154scoring →

confidence

97%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 19, 2026

last_reported·1d ago

sessions·373

events·649

reports·1

$ sikker protocols 165.154.182.154

SMTP

96 / 237

SIP

116 / 194

IMAP

42 / 74

SMB

31 / 44 / 1r

MSSQL

25 / 25

SSH

12 / 19

HTTPS

19 / 19

TELNET

8 / 12

POSTGRES

8 / 9

HTTP

7 / 7

FTP

5 / 5

RTSP

3 / 3

ELASTICSEARCH

1 / 1

$ sikker summary 165.154.182.154

165.154.182.154 has a threat confidence score of 97%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 373 honeypot sessions and reported 1 times targeting SMTP, SIP, IMAP, SMB, MSSQL and 8 other protocols. First observed on January 21, 2026, most recently active March 20, 2026.

$ sikker behaviors 165.154.182.154catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc2x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

mediumSrvsvc Share Enumeration1x

SMB session opening IPC$, accessing and binding to the srvsvc pipe, then reading the root directory. Enumerates available shares without further traversal.

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 165.154.182.154

elastic_root_path_probe22 ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 smtp_ehlo_greeting13 elastic_http_get_request9 smtp_starttls_upgrade_request8 http_method_get6 smb_root_read4 smb_srvsvc_rpc_bind4 ftp_user_probe2 empty_ftp_command2 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_srvsvc_pipe_open2 elastic_cat_indices_enumeration2 ftp_auth_tls1 https_path_root1 ftp_help_request1

$ sikker reports 165.154.182.154submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 01:44	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 165.154.182.154

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.2.235	96%	1,062
165.154.4.51	94%	513
104.218.166.62	99%	109
45.43.63.34	95%	482
123.58.212.9	96%	1,095

IP Address	Confidence	Events
92.118.39.87	100%	249,974
164.90.155.248	100%	8,176
206.168.34.193	50%	1,690
92.118.39.63	100%	46,683
137.184.65.234	100%	7,711