Check an IP Address, Domain Name, Subnet, or ASN

152.32.228.20 was found in our database!

$ whois 152.32.228.20

country·🇷🇺 Russia

city·Moscow

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.228.20scoring →

confidence

81%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·202

events·695

$ sikker protocols 152.32.228.20

FTP

20 / 453

SMTP

44 / 61

HTTPS

57 / 57

IMAP

17 / 41

SIP

26 / 26

REDIS

8 / 25

SSH

12 / 14

HTTP

14 / 14

POSTGRES

4 / 4

$ sikker summary 152.32.228.20

152.32.228.20 has a threat confidence score of 81%. This IP address from Russia (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 202 honeypot sessions targeting FTP, SMTP, HTTPS, IMAP, SIP and 4 other protocols. First observed on January 22, 2026, most recently active March 23, 2026.

$ sikker behaviors 152.32.228.20catalog →

lowFtp Control Channel Protocol Anomaly4x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 152.32.228.20

ftp_control_channel_binary_payload16 http_method_get11 empty_ftp_command8 https_path_root3 smtp_ehlo_greeting2 http_path_config_json2 https_path_config_json2 redis_info_lowercase1 http_path_bad_request1

$ sikker related 152.32.228.20

🇷🇺·More threats fromRussia→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→FTP·More threats targetingFTP→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→IMAP·More threats targetingIMAP→SIP·More threats targetingSIP→REDI·More threats targetingREDIS→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.2.188	94%	43
152.32.216.145	78%	7
152.32.173.15	76%	170
152.32.162.142	96%	1,031
165.154.24.138	92%	28

IP Address	Confidence	Events
2.63.211.145	79%	20,225
87.250.4.180	74%	10
213.110.12.89	35%	3
81.29.142.100	100%	28,262
37.77.150.119	94%	14,131