152.32.131.245 — UCLOUD INFORMATION TECHNOLOGY HK LIMITED, HK — Very High (94%)

Check an IP Address, Domain Name, Subnet, or ASN

152.32.131.245 was found in our database!

Confidence Level

94%

Very High?

Geolocation

🇭🇰

Hong KongHong Kong

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

ASNAS135377

Activity Timeline

First seenJan 23, 2026, 12:08 PM

Last seen11h ago

431Sessions

1,476Events

Protocol Breakdown

SMTP

148 / 772

FTP

15 / 235

HTTPS

114 / 179

HTTP

49 / 111

SIP

39 / 61

RTSP

15 / 51

TELNET

28 / 44

MSSQL

11 / 11

MONGODB

8 / 8

SSH

4 / 4

152.32.131.245 has a very high threat confidence level of 94%, originating from Hong Kong, Hong Kong, on the UCLOUD INFORMATION TECHNOLOGY HK LIMITED network (135377). It has been observed across 431 sessions targeting SMTP, FTP, HTTPS, HTTP, SIP and 5 other protocols, First observed on January 23, 2026, most recently active March 2, 2026.

Behaviors

Classified behavioral patterns observed

Ftp Financial Partner Directory Enumeration

medium1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

Ftp Control Channel Protocol Anomaly

low2x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

Http Root Path Request

info8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Smtp Ehlo Greeting26 Ftp List Directory21 Ftp Set Ascii Mode21 Ftp Enter Passive Mode21 Ftp Change Working Directory20 Smtp Starttls Upgrade Request18 Http Method Get11 Ftp Control Channel Binary Payload7 Empty Ftp Command6 Https Path Root5 Ftp User Probe2 Http Path Config Json2 Https Path Config Json2 Ftp Auth Tls1 Ftp Help Request1 Ftp Password Attempt1 Http Path Bad Request1 Ftp Change Directory Etc1 Ftp Feature List Request1 Ftp Change Directory Data1

Related Threats

Explore related threat intelligence

🇭🇰More threats fromHong Kong ASMore threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED SMTPMore threats targetingSMTP FTPMore threats targetingFTP HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP SIPMore threats targetingSIP RTSPMore threats targetingRTSP TELNETMore threats targetingTELNET MSSQLMore threats targetingMSSQL MONGODBMore threats targetingMONGODB SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
118.194.231.208	100%	659
118.194.234.14	91%	780
152.32.218.149	100%	567
101.36.109.176	100%	747
101.36.113.241	100%	783

IP Address	Confidence	Events
8.210.28.151	88%	86,638
172.110.223.53	98%	6,752
172.110.223.55	98%	24,532
172.110.223.43	98%	38,394
121.202.206.119	55%	363