Check an IP Address, Domain Name, Subnet, or ASN

152.32.180.86 was found in our database!

$ whois 152.32.180.86

country·🇦🇪 United Arab Emirates

city·Dubai

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.180.86scoring →

confidence

79%High

first_seen·Feb 6, 2026

last_seen·1h ago

sessions·188

events·296

$ sikker protocols 152.32.180.86

FTP

5 / 113

HTTPS

38 / 38

SMB

36 / 36

SMTP

30 / 30

MSSQL

22 / 22

HTTP

14 / 14

RTSP

9 / 9

MONGODB

9 / 9

TELNET

8 / 8

POSTGRES

8 / 8

SIP

7 / 7

MYSQL

1 / 1

DOCKER

1 / 1

$ sikker summary 152.32.180.86

152.32.180.86 has a threat confidence score of 79%. This IP address from United Arab Emirates (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 188 honeypot sessions targeting FTP, HTTPS, SMB, SMTP, MSSQL and 8 other protocols. First observed on February 6, 2026, most recently active March 22, 2026.

$ sikker behaviors 152.32.180.86catalog →

lowMysql Schema Discovery Bot1x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 152.32.180.86

docker_get_method9 http_method_get8 ftp_control_channel_binary_payload4 https_path_root2 empty_ftp_command2 https_path_config_json2 smtp_ehlo_greeting1 mysql_show_databases1 http_path_config_json1 docker_bad_request_uri1 smtp_starttls_upgrade_request1 docker_list_containers_endpoint1 mongodb_serverstatus_float_command1

$ sikker related 152.32.180.86

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.186.86	43%	1
165.154.2.188	54%	2
45.43.63.34	96%	1,400
165.154.2.235	97%	3,768
123.58.212.9	97%	3,590

IP Address	Confidence	Events
31.57.216.224	69%	44
31.56.208.84	74%	261
86.98.49.115	47%	465
154.90.54.142	97%	37
165.154.241.151	96%	1,607