Check an IP Address, Domain Name, Subnet, or ASN

165.154.36.102 was found in our database!

$ whois 165.154.36.102

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.36.102scoring →

confidence

69%High

first_seen·Jan 25, 2026

last_seen·1h ago

sessions·38

events·69

$ sikker protocols 165.154.36.102

SIP

12 / 34

HTTP

4 / 10

SSH

3 / 6

REDIS

6 / 6

SMB

5 / 5

FTP

3 / 3

RTSP

3 / 3

IMAP

2 / 2

$ sikker summary 165.154.36.102

165.154.36.102 has a threat confidence score of 69%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 38 honeypot sessions targeting SIP, HTTP, SSH, REDIS, SMB and 3 other protocols. First observed on January 25, 2026, most recently active March 23, 2026.

$ sikker behaviors 165.154.36.102catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 165.154.36.102

redis_info_lowercase2 imap_logout1 ftp_set_utf81 rtsp_options1 rtsp_describe1 ftp_user_probe1 http_method_get1 ftp_help_request1 ftp_session_quit1 ftp_set_binary_mode1 ftp_password_attempt1 http_path_bad_request1 imap_capability_probe1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker related 165.154.36.102

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→REDI·More threats targetingREDIS→SMB·More threats targetingSMB→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.129.154	74%	191
152.32.247.22	68%	119
165.154.42.209	72%	178
118.193.33.3	100%	637
165.154.2.188	94%	48

IP Address	Confidence	Events
45.61.184.223	98%	2,299
172.173.200.62	99%	44
142.93.253.79	58%	17
209.222.101.54	98%	54,199
92.118.39.92	100%	105,119