Check an IP Address, Domain Name, Subnet, or ASN

152.32.130.155 was found in our database!

$ whois 152.32.130.155

country·🇭🇰 Hong Kong

city·Hong Kong

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.130.155scoring →

confidence

94%Very High

first_seen·Jan 27, 2026

last_seen·1h ago

first_reported·Mar 22, 2026

last_reported·1d ago

sessions·409

events·646

reports·1

$ sikker protocols 152.32.130.155

SMTP

75 / 220

HTTPS

115 / 183

SIP

108 / 108

IMAP

34 / 51

SMB

24 / 24 / 1r

FTP

15 / 15

SSH

8 / 11

MSSQL

11 / 11

HTTP

7 / 7

POSTGRES

4 / 5

RDP

4 / 4

MYSQL

1 / 4

RTSP

3 / 3

$ sikker summary 152.32.130.155

152.32.130.155 has a threat confidence score of 94%. This IP address from Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 409 honeypot sessions and reported 1 times targeting SMTP, HTTPS, SIP, IMAP, SMB and 8 other protocols. First observed on January 27, 2026, most recently active March 23, 2026.

$ sikker behaviors 152.32.130.155catalog →

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.130.155

ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 empty_ftp_command12 smtp_ehlo_greeting9 smtp_starttls_upgrade_request7 https_path_root4 https_path_config_json3 ftp_user_probe2 ftp_auth_tls1 http_method_get1 ftp_help_request1 ftp_password_attempt1 mysql_show_databases1 http_path_bad_request1 ftp_change_directory_etc1 ftp_feature_list_request1 ftp_change_directory_data1 imap_command_authenticate1

$ sikker reports 152.32.130.155submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 16:12	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 152.32.130.155

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.43.63.34	96%	1,532
152.32.138.230	95%	627
123.58.213.127	100%	1,034
165.154.120.13	84%	186
165.154.1.39	96%	1,419

IP Address	Confidence	Events
8.210.28.151	88%	145,874
172.110.223.64	98%	14,098
154.23.133.68	95%	1,159
172.110.223.34	96%	229
47.238.76.68	81%	491