Check an IP Address, Domain Name, Subnet, or ASN

165.154.51.225 was found in our database!

$ whois 165.154.51.225

country·🇹🇭 Thailand

city·Bangkok

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 165.154.51.225scoring →

confidence

81%Very High

first_seen·Jan 27, 2026

last_seen·1h ago

sessions·177

events·223

$ sikker protocols 165.154.51.225

HTTPS

68 / 104

MONGODB

47 / 47

RDP

18 / 18

RTSP

6 / 12

MSSQL

12 / 12

SSH

9 / 9

SIP

6 / 6

IMAP

6 / 6

SMTP

2 / 6

FTP

3 / 3

$ sikker summary 165.154.51.225

165.154.51.225 has a threat confidence score of 81%. This IP address from Thailand (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 177 honeypot sessions targeting HTTPS, MONGODB, RDP, RTSP, MSSQL and 5 other protocols. First observed on January 27, 2026, most recently active April 30, 2026.

$ sikker behaviors 165.154.51.225catalog →

mediumSip Request Uri Sip Nm2x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Stream Enumeration2x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 165.154.51.225

rtsp_options5 rtsp_describe5 https_path_root4 sip_request_uri_sip_nm2 imap_logout1 ftp_set_utf81 ftp_user_probe1 ftp_help_request1 smtp_ehlo_greeting1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 https_path_bad_request1 ftp_system_type_request1 ftp_feature_list_request1 ftp_enter_extended_passive_mode1

$ sikker related 165.154.51.225

🇹🇭·More threats fromThailand→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→RDP·More threats targetingRDP→RTSP·More threats targetingRTSP→MSSQ·More threats targetingMSSQL→SSH·More threats targetingSSH→SIP·More threats targetingSIP→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.175.158	95%	875
45.43.37.254	100%	1,089
118.193.35.195	94%	114
152.32.209.116	93%	612
165.154.120.211	93%	884

IP Address	Confidence	Events
165.154.120.211	93%	884
147.50.227.79	100%	1,035
154.197.69.12	96%	2,862
165.101.64.90	95%	3,533
223.207.216.174	44%	6