Check an IP Address, Domain Name, Subnet, or ASN

152.32.148.140 was found in our database!

$ whois 152.32.148.140

country·🇺🇸 United States

city·Reston

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.148.140scoring →

confidence

82%Very High

first_seen·Jan 29, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·7d ago

sessions·58

events·80

reports·1

$ sikker protocols 152.32.148.140

RTSP

12 / 30

RDP

21 / 21

HTTP

8 / 8

SMTP

4 / 8

FTP

6 / 6

SSH

3 / 3

SIP

2 / 2

IMAP

2 / 2

MYSQL

0 / 0 / 1r

$ sikker summary 152.32.148.140

152.32.148.140 has a threat confidence score of 82%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 58 honeypot sessions and reported 1 times targeting RTSP, RDP, HTTP, SMTP, FTP and 4 other protocols. First observed on January 29, 2026, most recently active March 23, 2026.

$ sikker behaviors 152.32.148.140catalog →

lowRtsp Stream Enumeration4x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.148.140

rtsp_options13 rtsp_describe13 smtp_ehlo_greeting6 smtp_quit_session_termination6 ftp_set_utf82 ftp_user_probe2 ftp_set_binary_mode2 ftp_password_attempt2 ftp_feature_list_request2 ftp_machine_list_directory2 ftp_enter_extended_passive_mode2 imap_logout1 http_method_get1 ftp_help_request1 ftp_session_quit1 http_path_bad_request1 imap_capability_probe1 ftp_system_type_request1

$ sikker reports 152.32.148.140submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 02:50	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 152.32.148.140

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→RTSP·More threats targetingRTSP→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→SIP·More threats targetingSIP→IMAP·More threats targetingIMAP→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.2.235	97%	3,807
101.36.108.125	99%	88
165.154.182.53	69%	204
101.36.123.173	100%	916
152.32.186.86	83%	14

IP Address	Confidence	Events
185.238.231.121	80%	4,657
15.220.31.170	58%	21
18.116.101.220	100%	32,926
92.118.39.63	100%	52,090
3.129.187.38	100%	31,008