Check an IP Address, Domain Name, Subnet, or ASN

152.32.141.176 was found in our database!

$ whois 152.32.141.176

country·🇳🇬 Nigeria

city·Lagos

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.141.176scoring →

confidence

85%Very High

first_seen·Feb 6, 2026

last_seen·1h ago

sessions·190

events·193

$ sikker protocols 152.32.141.176

HTTPS

51 / 51

MONGODB

47 / 47

SIP

39 / 39

SSH

12 / 15

HTTP

12 / 12

FTP

9 / 9

RDP

9 / 9

SMB

5 / 5

RTSP

3 / 3

IMAP

2 / 2

DOCKER

1 / 1

$ sikker summary 152.32.141.176

152.32.141.176 has a threat confidence score of 85%. This IP address from Nigeria (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 190 honeypot sessions targeting HTTPS, MONGODB, SIP, SSH, HTTP and 6 other protocols. First observed on February 6, 2026, most recently active March 26, 2026.

$ sikker behaviors 152.32.141.176catalog →

lowFtp Extended Passive Mlsd Listing3x

FTP session where the client negotiates binary transfer mode, enters extended passive mode (EPSV), and issues an MLSD command to retrieve a machine-readable directory listing.

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttps Direct Bad Request Endpoint Access2x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.141.176

http_method_get5 ftp_set_utf83 ftp_user_probe3 https_path_root3 ftp_help_request3 docker_get_method3 ftp_set_binary_mode3 ftp_password_attempt3 ftp_system_type_request3 ftp_feature_list_request3 ftp_machine_list_directory3 ftp_enter_extended_passive_mode3 http_path_bad_request2 docker_bad_request_uri2 https_path_bad_request2 rtsp_options1 rtsp_describe1 ftp_session_quit1

$ sikker related 152.32.141.176

Report IP WHOIS Lookup →

IP Address	Confidence	Events
118.26.39.178	100%	822
152.32.240.95	92%	502
152.32.170.42	95%	416
118.193.34.157	100%	630
101.36.106.162	100%	167

IP Address	Confidence	Events
197.211.63.56	42%	5
102.90.100.85	35%	3
102.88.137.213	100%	2,496
102.88.137.80	100%	3,026
102.90.102.160	35%	3