Check an IP Address, Domain Name, Subnet, or ASN

165.154.182.223 was found in our database!

$ whois 165.154.182.223

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.182.223scoring →

confidence

79%High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 17, 2026

last_reported·5d ago

sessions·41

events·82

reports·1

$ sikker protocols 165.154.182.223

HTTPS

17 / 36

FTP

6 / 20

SIP

2 / 6

IMAP

2 / 6

HTTP

4 / 4

SMTP

4 / 4

SSH

3 / 3

RTSP

3 / 3

MYSQL

0 / 0 / 1r

$ sikker summary 165.154.182.223

165.154.182.223 has a threat confidence score of 79%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 41 honeypot sessions and reported 1 times targeting HTTPS, FTP, SIP, IMAP, HTTP and 4 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 165.154.182.223catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.182.223

ftp_session_quit3 ftp_set_utf82 ftp_user_probe2 http_method_get2 smtp_ehlo_greeting2 ftp_set_binary_mode2 ftp_password_attempt2 ftp_feature_list_request2 ftp_machine_list_directory2 ftp_enter_extended_passive_mode2 imap_logout1 rtsp_options1 rtsp_describe1 https_path_root1 ftp_help_request1 http_path_bad_request1 imap_capability_probe1 ftp_system_type_request1 smtp_quit_session_termination1

$ sikker reports 165.154.182.223submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 17, 2026, 10:14	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 165.154.182.223

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→SIP·More threats targetingSIP→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
150.107.36.236	93%	773
165.154.182.174	70%	193
118.194.250.127	73%	102
165.154.6.49	100%	227
103.210.21.13	96%	2,262

IP Address	Confidence	Events
185.218.138.21	97%	4,922
185.218.138.20	97%	4,810
181.215.65.49	85%	2,942
92.118.39.92	100%	104,478
185.238.231.121	79%	3,917