Check an IP Address, Domain Name, Subnet, or ASN

152.32.148.250 was found in our database!

$ whois 152.32.148.250

country·🇺🇸 United States

city·Reston

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.148.250scoring →

confidence

75%High

first_seen·Jan 26, 2026

last_seen·1h ago

sessions·95

events·119

$ sikker protocols 152.32.148.250

HTTP

20 / 24

SIP

9 / 20

HTTPS

17 / 17

SSH

9 / 12

SMB

10 / 10

RDP

9 / 9

RTSP

3 / 9

IMAP

8 / 8

POSTGRES

5 / 5

FTP

3 / 3

SMTP

2 / 2

$ sikker summary 152.32.148.250

152.32.148.250 has a threat confidence score of 75%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 95 honeypot sessions targeting HTTP, SIP, HTTPS, SSH, SMB and 6 other protocols. First observed on January 26, 2026, most recently active March 26, 2026.

$ sikker behaviors 152.32.148.250catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing1x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.148.250

rtsp_options4 rtsp_describe4 http_method_get2 ftp_set_utf81 ftp_user_probe1 https_path_root1 ftp_help_request1 smtp_ehlo_greeting1 ftp_set_binary_mode1 ftp_password_attempt1 http_path_bad_request1 ftp_system_type_request1 ftp_feature_list_request1 ftp_machine_list_directory1 ftp_enter_extended_passive_mode1

$ sikker related 152.32.148.250

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.129.220	81%	281
123.58.219.3	94%	18
152.32.132.215	100%	244
152.32.239.90	100%	986
101.36.106.162	100%	164

IP Address	Confidence	Events
20.121.138.113	62%	67
92.118.39.63	100%	57,731
15.204.128.147	96%	3,026
208.110.64.186	95%	2,105
45.61.184.223	99%	13,802