Check an IP Address, Domain Name, Subnet, or ASN

152.32.139.9 was found in our database!

$ whois 152.32.139.9

country·🇰🇷 South Korea

city·Seoul

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.139.9scoring →

confidence

93%Very High

first_seen·Feb 3, 2026

last_seen·1h ago

first_reported·Mar 13, 2026

last_reported·19d ago

sessions·220

events·289

reports·1

$ sikker protocols 152.32.139.9

IMAP

44 / 78

SMTP

35 / 66

HTTPS

45 / 45

HTTP

28 / 28

TELNET

12 / 16 / 1r

FTP

16 / 16

SSH

12 / 12

MSSQL

11 / 11

SIP

8 / 8

RDP

4 / 4

RTSP

3 / 3

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 152.32.139.9

152.32.139.9 has a threat confidence score of 93%. This IP address from South Korea (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 220 honeypot sessions and reported 1 times targeting IMAP, SMTP, HTTPS, HTTP, TELNET and 8 other protocols. First observed on February 3, 2026, most recently active April 2, 2026.

$ sikker behaviors 152.32.139.9catalog →

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

infoHttp Root Path Request17x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 152.32.139.9

http_method_get22 empty_ftp_command14 elastic_root_path_probe10 docker_get_method9 elastic_http_get_request9 https_path_root3 http_path_config_json3 ftp_user_probe2 smtp_ehlo_greeting2 http_path_bad_request2 https_path_config_json2 elastic_cat_indices_enumeration2 ftp_auth_tls1 ftp_help_request1 ftp_set_ascii_mode1 ftp_password_attempt1 docker_bad_request_uri1 ftp_enter_passive_mode1 ftp_feature_list_request1 imap_command_authenticate1

$ sikker reports 152.32.139.9submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 09:05	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 152.32.139.9

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.194.234.8	90%	15
152.32.218.149	100%	874
118.193.56.172	93%	145
152.32.215.134	100%	280
165.154.6.187	99%	63

IP Address	Confidence	Events
45.93.30.244	100%	211
110.10.176.224	94%	593
125.141.121.76	23%	1
39.117.79.36	99%	60
210.114.22.126	100%	595