Check an IP Address, Domain Name, Subnet, or ASN

152.32.153.228 was found in our database!

$ whois 152.32.153.228

country·🇮🇩 Indonesia

city·Jakarta

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.153.228scoring →

confidence

94%Very High

first_seen·Feb 1, 2026

last_seen·1h ago

first_reported·Mar 3, 2026

last_reported·19d ago

sessions·264

events·447

reports·1

$ sikker protocols 152.32.153.228

RTSP

42 / 168

HTTPS

76 / 99

SMTP

43 / 72 / 1r

SMB

26 / 26

MONGODB

18 / 18

MSSQL

14 / 14

TELNET

8 / 12

ELASTICSEARCH

11 / 11

FTP

10 / 10

REDIS

8 / 8

POSTGRES

4 / 5

SSH

4 / 4

$ sikker summary 152.32.153.228

152.32.153.228 has a threat confidence score of 94%. This IP address from Indonesia (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 264 honeypot sessions and reported 1 times targeting RTSP, HTTPS, SMTP, SMB, MONGODB and 7 other protocols. First observed on February 1, 2026, most recently active March 22, 2026.

$ sikker behaviors 152.32.153.228catalog →

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 152.32.153.228

elastic_root_path_probe256 elastic_http_get_request99 ftp_set_ascii_mode22 ftp_enter_passive_mode22 elastic_cat_indices_enumeration22 ftp_list_directory21 ftp_change_working_directory20 elastic_http_favicon_path_probe11 elastic_http_bad_request_path_probe11 ftp_user_probe4 https_path_root4 smtp_ehlo_greeting4 empty_ftp_command3 https_path_config_json3 ftp_auth_tls2 ftp_help_request2 ftp_password_attempt2 ftp_feature_list_request2 mongodb_serverstatus_float_command2 redis_info_lowercase1

$ sikker reports 152.32.153.228submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 3, 2026, 11:40	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 152.32.153.228

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.193.36.63	70%	278
165.154.172.200	71%	126
165.154.172.88	80%	237
165.154.4.152	95%	1,196
103.218.242.31	98%	80

IP Address	Confidence	Events
103.93.93.182	100%	91,507
163.7.9.54	92%	38
103.176.79.117	100%	654
163.7.9.23	95%	166
103.175.225.238	100%	201