Check an IP Address, Domain Name, Subnet, or ASN

152.32.156.117 was found in our database!

$ whois 152.32.156.117

country·🇮🇳 India

city·Mumbai

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.156.117scoring →

confidence

93%Very High

first_seen·Jan 28, 2026

last_seen·1h ago

sessions·305

events·429

$ sikker protocols 152.32.156.117

SMTP

69 / 155

HTTPS

117 / 117

RTSP

9 / 36

HTTP

31 / 31

MSSQL

24 / 24

SSH

12 / 19

SMB

17 / 17

TELNET

12 / 16

FTP

5 / 5

POSTGRES

4 / 4

MYSQL

3 / 3

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 152.32.156.117

152.32.156.117 has a threat confidence score of 93%. This IP address from India (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 305 honeypot sessions targeting SMTP, HTTPS, RTSP, HTTP, MSSQL and 8 other protocols. First observed on January 28, 2026, most recently active March 22, 2026.

$ sikker behaviors 152.32.156.117catalog →

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

lowMysql Schema Discovery Bot3x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

infoHttp Root Path Request19x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 152.32.156.117

elastic_root_path_probe35 http_method_get23 docker_get_method9 elastic_http_get_request9 https_path_root6 smtp_ehlo_greeting6 https_path_config_json5 http_path_config_json4 mysql_show_databases3 smtp_starttls_upgrade_request3 smb_root_read2 ftp_user_probe2 empty_ftp_command2 smb_srvsvc_rpc_bind2 elastic_cat_indices_enumeration2 ftp_auth_tls1 ftp_help_request1 smb_samr_rpc_bind1 ftp_set_ascii_mode1 ftp_password_attempt1

$ sikker related 152.32.156.117

Report IP WHOIS Lookup →

IP Address	Confidence	Events
101.36.121.22	97%	1,141
152.32.180.138	90%	650
128.14.237.9	88%	511
152.32.252.65	100%	855
152.32.226.88	100%	185

IP Address	Confidence	Events
59.180.184.142	58%	1
103.110.236.46	54%	810
206.189.133.251	75%	5
34.93.128.179	100%	819
125.19.218.2	50%	371