Check an IP Address, Domain Name, Subnet, or ASN

152.32.141.86 was found in our database!

$ whois 152.32.141.86

country·🇳🇬 Nigeria

city·Lagos

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.141.86scoring →

confidence

85%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·132

events·167

$ sikker protocols 152.32.141.86

HTTPS

51 / 70

RDP

27 / 27

HTTP

20 / 25

TR069

4 / 11

SMB

10 / 10

SIP

6 / 6

SSH

6 / 6

IMAP

2 / 6

FTP

3 / 3

RTSP

3 / 3

$ sikker summary 152.32.141.86

152.32.141.86 has a threat confidence score of 85%. This IP address from Nigeria (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 132 honeypot sessions targeting HTTPS, RDP, HTTP, TR069, SMB and 5 other protocols. First observed on January 23, 2026, most recently active April 17, 2026.

$ sikker behaviors 152.32.141.86catalog →

mediumSip Request Uri Sip Nm2x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get2x

HTTP request using GET method.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.141.86

http_method_get5 https_path_root3 http_path_bad_request3 sip_request_uri_sip_nm2 imap_logout1 ftp_set_utf81 rtsp_options1 rtsp_describe1 ftp_user_probe1 ftp_help_request1 ftp_session_quit1 ftp_set_binary_mode1 ftp_password_attempt1 imap_capability_probe1 ftp_system_type_request1 ftp_feature_list_request1 ftp_enter_extended_passive_mode1

$ sikker related 152.32.141.86

🇳🇬·More threats fromNigeria→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→TR06·More threats targetingTR069→SMB·More threats targetingSMB→SIP·More threats targetingSIP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.120.211	93%	508
152.32.247.233	96%	4,192
165.154.36.107	99%	582
150.107.36.236	95%	953
165.154.138.34	85%	773

IP Address	Confidence	Events
102.88.114.117	39%	4
102.90.34.90	55%	459
105.112.205.10	39%	4
154.120.99.140	35%	3
102.90.100.72	46%	7