Check an IP Address, Domain Name, Subnet, or ASN

152.32.150.29 was found in our database!

$ whois 152.32.150.29

country·🇺🇸 United States

city·Reston

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.150.29scoring →

confidence

97%Very High

first_seen·Feb 1, 2026

last_seen·7h ago

first_reported·Mar 1, 2026

last_reported·20d ago

sessions·417

events·589

reports·2

$ sikker protocols 152.32.150.29

SMTP

118 / 188 / 1r

IMAP

44 / 80

SMB

32 / 79

HTTPS

57 / 57

SSH

24 / 33

SIP

32 / 32

REDIS

23 / 23

RDP

20 / 20

TELNET

12 / 20

HTTP

14 / 14

POSTGRES

12 / 14

MSSQL

12 / 12 / 1r

FTP

10 / 10

RTSP

6 / 6

DOCKER

1 / 1

$ sikker summary 152.32.150.29

152.32.150.29 has a threat confidence score of 97%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 417 honeypot sessions and reported 2 times targeting SMTP, IMAP, SMB, HTTPS, SSH and 10 other protocols. First observed on February 1, 2026, most recently active April 5, 2026.

$ sikker behaviors 152.32.150.29catalog →

mediumFtp Financial Partner Directory Enumeration2x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoHttps Path Robots Txt2x

HTTPS request to /robots.txt.

infoHttp Fetch Robots Txt1x

HTTP GET request to /robots.txt.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 152.32.150.29

ftp_list_directory42 ftp_set_ascii_mode42 ftp_enter_passive_mode42 ftp_change_working_directory40 smb_c_share_access19 smtp_ehlo_greeting10 docker_get_method9 smb_root_read8 smtp_starttls_upgrade_request6 ftp_user_probe4 empty_ftp_command4 smb_wildcard_match3 ftp_auth_tls2 ftp_help_request2 smb_srvsvc_rpc_bind2 ftp_password_attempt2 https_path_robots_txt2 ftp_change_directory_etc2 ftp_feature_list_request2 ftp_change_directory_data2

$ sikker reports 152.32.150.29submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 03:15	Brute Force	SMTP	SikkerGuard: 2 blocked packets
User	Mar 1, 2026, 19:15	Brute Force	MSSQL	SikkerGuard: 2 blocked packets

$ sikker related 152.32.150.29

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.23.67	95%	542
123.58.212.9	96%	4,599
152.32.209.116	90%	37
103.14.35.222	93%	356
165.154.2.235	96%	4,551

IP Address	Confidence	Events
193.56.116.94	85%	1,236
173.245.76.90	98%	129,613
64.64.116.4	85%	1,242
104.23.211.228	17%	10
172.70.39.63	10%	1