Check an IP Address, Domain Name, Subnet, or ASN

165.154.182.72 was found in our database!

Confidence Level

94%

Very High?

Geolocation

🇺🇸

United StatesLos Angeles

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASNAS135377

Activity Timeline

First seenJan 30, 2026, 11:12 AM

Last seen1h ago

266Sessions

466Events

Protocol Breakdown

SMTP

86 / 223

SMB

55 / 69

SIP

32 / 58

IMAP

17 / 40

HTTP

28 / 28

HTTPS

19 / 19

MYSQL

13 / 13

RDP

12 / 12

SSH

4 / 4

165.154.182.72 has a very high threat confidence level of 94%, originating from Los Angeles, United States, on the UCLOUD INFORMATION TECHNOLOGY HK LIMITED network (135377). It has been observed across 266 sessions targeting SMTP, SMB, SIP, IMAP, HTTP and 4 other protocols, First observed on January 30, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Smb Remote Enumeration Via Samr And Srvsvc

medium3x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

Srvsvc Share Enumeration

medium1x

SMB session opening IPC$, accessing and binding to the srvsvc pipe, then reading the root directory. Enumerates available shares without further traversal.

Mysql Schema Discovery Bot

low12x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

Http Root Path Request

info16x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Http Method Get20 Mysql Show Databases12 Smtp Ehlo Greeting9 Smb Root Read6 Smb Srvsvc Rpc Bind6 Smtp Starttls Upgrade Request6 Http Path Config Json4 Smb Samr Rpc Bind3 Smb Ipc Share Access3 Smb Srvsvc Pipe Open3 Https Path Root1 Https Path Config Json1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED SMTPMore threats targetingSMTP SMBMore threats targetingSMB SIPMore threats targetingSIP IMAPMore threats targetingIMAP HTTPMore threats targetingHTTP HTTPSMore threats targetingHTTPS MYSQLMore threats targetingMYSQL RDPMore threats targetingRDP SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
165.154.6.49	99%	103
165.154.6.208	99%	233
165.154.138.79	88%	835
107.150.119.229	99%	81
101.36.111.119	100%	701

IP Address	Confidence	Events
130.12.180.86	91%	18,165
91.92.243.52	91%	18,531
130.12.180.39	91%	18,939
130.12.180.74	91%	18,532
130.12.180.188	91%	8,637