Check an IP Address, Domain Name, Subnet, or ASN

152.32.164.139 was found in our database!

$ whois 152.32.164.139

country·🇹🇼 Taiwan

city·Taipei

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.164.139scoring →

confidence

97%Very High

first_seen·Jan 31, 2026

last_seen·1h ago

first_reported·Mar 9, 2026

last_reported·10d ago

sessions·456

events·746

reports·1

$ sikker protocols 152.32.164.139

SMTP

103 / 359

HTTPS

137 / 137

SIP

47 / 73

HTTP

52 / 60

RTSP

39 / 39

FTP

26 / 26 / 1r

SMB

24 / 24

MSSQL

11 / 11

SSH

8 / 8

TELNET

8 / 8

ELASTICSEARCH

1 / 1

$ sikker summary 152.32.164.139

152.32.164.139 has a threat confidence score of 97%. This IP address from Taiwan (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 456 honeypot sessions and reported 1 times targeting SMTP, HTTPS, SIP, HTTP, RTSP and 6 other protocols. First observed on January 31, 2026, most recently active March 19, 2026.

$ sikker behaviors 152.32.164.139catalog →

mediumFtp Financial Partner Directory Enumeration3x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

infoHttp Root Path Request31x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 152.32.164.139

ftp_list_directory63 ftp_set_ascii_mode63 ftp_enter_passive_mode63 ftp_change_working_directory60 http_method_get39 elastic_root_path_probe22 empty_ftp_command18 smtp_ehlo_greeting11 elastic_http_get_request9 smtp_starttls_upgrade_request8 https_path_root7 http_path_config_json7 https_path_config_json7 ftp_user_probe6 ftp_auth_tls3 ftp_help_request3 ftp_password_attempt3 ftp_change_directory_etc3 ftp_feature_list_request3 ftp_change_directory_data3

$ sikker reports 152.32.164.139submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 9, 2026, 03:42	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 152.32.164.139

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.2.235	95%	381
123.58.212.9	95%	337
165.154.4.51	93%	238
45.249.247.62	99%	210
101.36.117.234	100%	167

IP Address	Confidence	Events
213.209.159.66	83%	6,181
122.100.88.141	35%	3
165.154.226.102	95%	1,024
213.209.159.159	87%	64,645
213.209.159.158	93%	3,212