Check an IP Address, Domain Name, Subnet, or ASN

152.32.140.22 was found in our database!

$ whois 152.32.140.22

country·🇳🇬 Nigeria

city·Lagos

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.140.22scoring →

confidence

79%High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·87

events·107

$ sikker protocols 152.32.140.22

HTTPS

51 / 51

HTTP

12 / 25

SSH

6 / 9

IMAP

4 / 8

FTP

6 / 6

RTSP

6 / 6

SMTP

2 / 2

$ sikker summary 152.32.140.22

152.32.140.22 has a threat confidence score of 79%. This IP address from Nigeria (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 87 honeypot sessions targeting HTTPS, HTTP, SSH, IMAP, FTP and 2 other protocols. First observed on January 22, 2026, most recently active March 22, 2026.

$ sikker behaviors 152.32.140.22catalog →

lowRtsp Stream Enumeration2x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

lowFtp Extended Passive Mlsd Listing2x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 152.32.140.22

https_path_root3 ftp_set_utf82 rtsp_options2 rtsp_describe2 ftp_user_probe2 ftp_help_request2 ftp_session_quit2 ftp_set_binary_mode2 ftp_password_attempt2 ftp_system_type_request2 ftp_feature_list_request2 ftp_machine_list_directory2 ftp_enter_extended_passive_mode2 imap_logout1 http_method_get1 smtp_ehlo_greeting1 http_path_bad_request1 imap_capability_probe1 https_path_bad_request1

$ sikker related 152.32.140.22

🇳🇬·More threats fromNigeria→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
128.14.225.164	100%	991
165.154.6.150	100%	216
165.154.105.128	100%	677
152.32.174.119	83%	6
36.255.223.98	97%	437

IP Address	Confidence	Events
102.212.40.242	100%	552
102.88.137.145	100%	860
102.90.79.53	15%	9
102.89.47.28	35%	3
197.210.54.154	35%	3