Check an IP Address, Domain Name, Subnet, or ASN

165.154.40.244 was found in our database!

$ whois 165.154.40.244

country·🇭🇰 Hong Kong

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.40.244scoring →

confidence

70%High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·99

events·138

$ sikker protocols 165.154.40.244

HTTPS

51 / 51

SIP

15 / 26

HTTP

12 / 24

FTP

3 / 19

SSH

6 / 6

IMAP

4 / 4

MONGODB

4 / 4

SMTP

2 / 2

DOCKER

1 / 1

TELNET

1 / 1

$ sikker summary 165.154.40.244

165.154.40.244 has a threat confidence score of 70%. This IP address from Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 99 honeypot sessions targeting HTTPS, SIP, HTTP, FTP, SSH and 5 other protocols. First observed on January 22, 2026, most recently active March 22, 2026.

$ sikker behaviors 165.154.40.244catalog →

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoMongodb Buildinfo Fingerprinting1x

Client issues the MongoDB buildInfo command to retrieve detailed server version and build metadata, enabling software fingerprinting and environment profiling. This behavior reflects early-stage reconnaissance commonly performed by automated scanners, vulnerability assessment tooling, or exploitation frameworks to identify MongoDB deployment characteristics and determine suitability for subsequent enumeration or attack activity.

$ sikker primitives 165.154.40.244

http_method_get3 https_path_root3 docker_get_method3 http_path_bad_request2 docker_bad_request_uri2 imap_logout1 ftp_set_utf81 ftp_user_probe1 ftp_session_quit1 smtp_ehlo_greeting1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 ftp_feature_list_request1 mongodb_buildinfo_command1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1 mongodb_serverstatus_float_command1

$ sikker related 165.154.40.244

🇭🇰·More threats fromHong Kong→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→MONG·More threats targetingMONGODB→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.140.20	44%	20
45.249.247.165	100%	1,020
152.32.162.42	100%	739
165.154.6.86	97%	38
165.154.105.128	100%	680

IP Address	Confidence	Events
172.110.223.44	99%	36,851
8.210.142.27	81%	6,816
83.229.127.217	99%	346
220.246.42.217	45%	251
43.103.4.190	60%	4