Check an IP Address, Domain Name, Subnet, or ASN

152.32.132.203 was found in our database!

$ whois 152.32.132.203

country·🇭🇰 Hong Kong

city·Hong Kong

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.132.203scoring →

confidence

89%Very High

first_seen·Jan 22, 2026

last_seen·1d ago

sessions·234

events·292

$ sikker protocols 152.32.132.203

HTTP

60 / 99

HTTPS

72 / 72

SIP

40 / 40

RDP

18 / 18

SMTP

8 / 17

RTSP

6 / 12

IMAP

6 / 10

FTP

9 / 9

SSH

6 / 6

MSSQL

6 / 6

DOCKER

1 / 1

TELNET

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 152.32.132.203

152.32.132.203 has a threat confidence score of 89%. This IP address from Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 234 honeypot sessions targeting HTTP, HTTPS, SIP, RDP, SMTP and 8 other protocols. First observed on January 22, 2026, most recently active April 29, 2026.

$ sikker behaviors 152.32.132.203catalog →

mediumSip Request Uri Sip Nm2x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Stream Enumeration2x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttps Path Robots Txt3x

HTTPS request to /robots.txt.

infoHttp Fetch Robots Txt1x

HTTP GET request to /robots.txt.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 152.32.132.203

smtp_ehlo_greeting12 smtp_quit_session_termination11 ftp_session_quit5 docker_get_method4 ftp_set_utf83 ftp_user_probe3 ftp_help_request3 ftp_set_binary_mode3 ftp_password_attempt3 https_path_robots_txt3 sip_request_uri_sip_nm3 ftp_system_type_request3 elastic_http_get_request3 ftp_feature_list_request3 ftp_enter_extended_passive_mode3 rtsp_options2 rtsp_describe2 ftp_machine_list_directory2 elastic_http_bad_request_path_probe2 imap_logout1

$ sikker related 152.32.132.203

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.35.195	94%	113
123.58.212.28	91%	29
152.32.188.71	96%	3,068
165.154.51.225	81%	223
165.154.120.77	94%	1,261

IP Address	Confidence	Events
47.76.96.137	95%	2,123
43.129.69.214	93%	829
47.243.64.124	95%	1,221
47.243.224.67	95%	1,392
8.218.124.65	93%	542