Check an IP Address, Domain Name, Subnet, or ASN

172.86.91.235 was found in our database!

$ whois 172.86.91.235

country·🇺🇸 United States

city·Dallas

isp·RouterHosting LLC

asn·AS14956

network·Standard

$ sikker risk 172.86.91.235scoring →

confidence

97%Very High

first_seen·Apr 23, 2026

last_seen·7h ago

sessions·57

events·57

$ sikker protocols 172.86.91.235

SIP

57 / 57

$ sikker summary 172.86.91.235

172.86.91.235 has a threat confidence score of 97%. This IP address from United States (AS14956, RouterHosting LLC) has been observed in 57 honeypot sessions targeting SIP protocols. Detected attack patterns include sip call id high entropy hex 32. First observed on April 23, 2026, most recently active April 24, 2026.

$ sikker behaviors 172.86.91.235catalog →

highSip Call Id High Entropy Hex 323x

SIP activity where Call-ID values exhibit high entropy and fixed 32-character hexadecimal format, indicating automated generation typically associated with scanning tools, fuzzing frameworks, or SIP enumeration activity.

mediumSip Invite Random Call Id To Ip24x

Identifies SIP scanning or probing activity where an attacker sends INVITE requests directly to a target IP address using randomly generated Call-ID tokens. This pattern is commonly associated with VoIP reconnaissance, SIP endpoint discovery, and automated dialer or PBX attack tooling attempting to enumerate reachable SIP services.

$ sikker primitives 172.86.91.235

sip_invite_request54 sip_call_id_token_at_ip24 sip_call_id_hex_323 sip_call_id_alphanumeric_entropy3

$ sikker related 172.86.91.235

🇺🇸·More threats fromUnited States→AS·More threats fromRouterHosting LLC→SIP·More threats targetingSIP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
144.172.101.92	21%	10
172.86.116.48	94%	26
144.172.111.225	96%	177
144.172.95.65	64%	38
107.189.27.179	99%	111

IP Address	Confidence	Events
3.132.26.232	100%	22,691
3.130.168.2	100%	45,296
20.115.56.149	58%	161
3.134.216.108	100%	19,416
45.74.59.3	60%	17