Check an IP Address, Domain Name, Subnet, or ASN

152.32.250.21 was found in our database!

$ whois 152.32.250.21

country·🇻🇳 Vietnam

city·Ho Chi Minh City

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.250.21scoring →

confidence

93%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·405

events·667

$ sikker protocols 152.32.250.21

HTTPS

114 / 228

SMTP

80 / 149

SIP

85 / 126

HTTP

35 / 48

SSH

16 / 25

TELNET

16 / 25

RTSP

9 / 13

SMB

12 / 12

IMAP

10 / 10

MONGODB

8 / 8

FTP

5 / 5

MYSQL

2 / 5

ELASTICSEARCH

5 / 5

RDP

4 / 4

POSTGRES

4 / 4

$ sikker summary 152.32.250.21

152.32.250.21 has a threat confidence score of 93%. This IP address from Vietnam (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 405 honeypot sessions targeting HTTPS, SMTP, SIP, HTTP, SSH and 10 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 152.32.250.21catalog →

mediumFtp Financial Partner Directory Enumeration1x

FTP session where the client authenticates and performs repeated passive-mode directory listings while navigating directly into finance, HR, partner, vendor, and release paths such as /data/finance, /data/hr, /partners, and /pub/*, indicating targeted discovery of business-sensitive storage locations.

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request12x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.250.21

elastic_root_path_probe134 elastic_http_get_request45 ftp_list_directory21 ftp_set_ascii_mode21 ftp_enter_passive_mode21 ftp_change_working_directory20 http_method_get17 elastic_cat_indices_enumeration10 smtp_ehlo_greeting9 smtp_starttls_upgrade_request5 elastic_http_favicon_path_probe5 elastic_http_bad_request_path_probe5 https_path_root4 http_path_config_json3 ftp_user_probe2 empty_ftp_command2 http_path_bad_request2 ftp_auth_tls1 ftp_help_request1 ftp_password_attempt1

$ sikker related 152.32.250.21

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.225.94	87%	17
45.43.63.34	96%	1,430
165.154.2.188	81%	11
152.32.186.240	73%	115
152.32.133.122	86%	17

IP Address	Confidence	Events
103.149.98.230	82%	8,578
112.197.14.147	17%	24
103.149.98.243	82%	8,581
160.30.172.200	96%	2,682
118.70.81.125	81%	2,132