Check an IP Address, Domain Name, Subnet, or ASN

165.154.36.245 was found in our database!

$ whois 165.154.36.245

country·🇺🇸 United States

city·Los Angeles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.36.245scoring →

confidence

94%Very High

first_seen·Jan 28, 2026

last_seen·1h ago

sessions·671

events·1,297

$ sikker protocols 165.154.36.245

SIP

152 / 360

HTTP

131 / 254

FTP

25 / 240

HTTPS

176 / 176

SMTP

72 / 142

MSSQL

46 / 46

IMAP

23 / 33

SSH

16 / 16

SMB

9 / 9

REDIS

9 / 9

POSTGRES

8 / 8

RTSP

3 / 3

DOCKER

1 / 1

$ sikker summary 165.154.36.245

165.154.36.245 has a threat confidence score of 94%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 671 honeypot sessions targeting SIP, HTTP, FTP, HTTPS, SMTP and 8 other protocols. First observed on January 28, 2026, most recently active April 19, 2026.

$ sikker behaviors 165.154.36.245catalog →

mediumSip Request Uri Sip Nm4x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

lowFtp Control Channel Protocol Anomaly2x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttps Path Robots Txt9x

HTTPS request to /robots.txt.

infoHttp Fetch Robots Txt1x

HTTP GET request to /robots.txt.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 165.154.36.245

empty_ftp_command16 ftp_control_channel_binary_payload10 smtp_ehlo_greeting9 https_path_robots_txt9 docker_get_method6 smtp_starttls_upgrade_request6 sip_request_uri_sip_nm4 ftp_user_probe2 ftp_auth_tls1 http_method_get1 ftp_help_request1 ftp_set_ascii_mode1 ftp_password_attempt1 redis_info_lowercase1 docker_bad_request_uri1 ftp_enter_passive_mode1 ftp_feature_list_request1 imap_command_authenticate1 http_robots_txt_path_probe1 redis_command_http_host_header_port_63791

$ sikker related 165.154.36.245

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.57.62	85%	276
152.32.188.71	96%	1,725
118.193.47.81	93%	422
103.14.33.89	95%	1,252
128.14.237.9	81%	602

IP Address	Confidence	Events
170.205.31.254	99%	5,386
209.127.178.131	94%	1,855
18.218.118.203	100%	46,869
185.242.226.92	97%	516
72.195.34.37	37%	336