Check an IP Address, Domain Name, Subnet, or ASN

165.245.208.120 was found in our database!

$ whois 165.245.208.120

country·🇺🇸 United States

network·Standard

$ sikker risk 165.245.208.120scoring →

confidence

90%Very High

first_seen·Apr 9, 2026

last_seen·39m ago

sessions·169

events·169

$ sikker protocols 165.245.208.120

FTP

47 / 47

HTTP

45 / 45

HTTPS

29 / 29

SMTP

28 / 28

IMAP

12 / 12

SSH

3 / 3

TELNET

3 / 3

SMB

2 / 2

$ sikker summary 165.245.208.120

165.245.208.120 has a threat confidence score of 90%. This IP address from United States has been observed in 169 honeypot sessions targeting FTP, HTTP, HTTPS, SMTP, IMAP and 3 other protocols. First observed on April 9, 2026, most recently active April 15, 2026.

$ sikker behaviors 165.245.208.120catalog →

infoHttp Http Method Get10x

HTTP request using GET method.

infoHttp Root Path Request10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade5x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoSmtp Tls Capability Probe2x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 165.245.208.120

empty_ftp_command39 http_method_get24 http_path_bad_request7 ftp_auth_tls5 https_path_root3 smtp_ehlo_greeting2 smtp_starttls_upgrade_request2

$ sikker related 165.245.208.120

🇺🇸·More threats fromUnited States→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→IMAP·More threats targetingIMAP→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
205.210.31.226	98%	347
185.218.138.21	97%	16,018
164.90.155.248	100%	8,674
92.118.39.63	100%	77,346
157.230.55.143	100%	8,719