Check an IP Address, Domain Name, Subnet, or ASN

152.32.199.33 was found in our database!

$ whois 152.32.199.33

country·🇧🇷 Brazil

city·São Paulo

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.199.33scoring →

confidence

92%Very High

first_seen·Jan 30, 2026

last_seen·1h ago

sessions·408

events·596

$ sikker protocols 152.32.199.33

SMTP

120 / 190

SIP

140 / 140

FTP

10 / 119

SMB

43 / 43

HTTPS

38 / 38

MONGODB

17 / 26

MSSQL

12 / 12

SSH

8 / 8

HTTP

7 / 7

TELNET

4 / 4

ELASTICSEARCH

4 / 4

RTSP

3 / 3

MYSQL

2 / 2

$ sikker summary 152.32.199.33

152.32.199.33 has a threat confidence score of 92%. This IP address from Brazil (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 408 honeypot sessions targeting SMTP, SIP, FTP, SMB, HTTPS and 8 other protocols. First observed on January 30, 2026, most recently active April 28, 2026.

$ sikker behaviors 152.32.199.33catalog →

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

lowMysql Schema Discovery Bot2x

Automated reconnaissance behavior that performs a basic enumeration of accessible MySQL databases to identify available schemas and infer hosted applications or data presence. Often used as an initial validation step to confirm database access and assess whether further enumeration or extraction is worthwhile.

lowFtp Control Channel Protocol Anomaly1x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttps Path Robots Txt2x

HTTPS request to /robots.txt.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Fetch Robots Txt1x

HTTP GET request to /robots.txt.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 152.32.199.33

elastic_root_path_probe82 smb_c_share_access38 elastic_http_get_request36 smb_root_read16 smtp_ehlo_greeting9 elastic_cat_indices_enumeration8 smb_wildcard_match6 smtp_starttls_upgrade_request5 empty_ftp_command4 smb_srvsvc_rpc_bind4 elastic_http_favicon_path_probe4 smb_rpc_srvsvc_interface_access4 ftp_control_channel_binary_payload4 elastic_http_bad_request_path_probe4 sip_request_uri_sip_nm3 ftp_user_probe2 smb_samr_rpc_bind2 mysql_show_databases2 smb_ipc_share_access2 smb_srvsvc_pipe_open2

$ sikker related 152.32.199.33

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.247.233	96%	6,892
118.194.229.85	96%	803
123.58.200.167	96%	859
152.32.145.67	97%	497
165.154.17.24	95%	1,394

IP Address	Confidence	Events
186.204.20.106	94%	1,583
35.199.91.184	96%	7,885
31.56.44.128	96%	205
177.177.201.203	91%	13
45.238.5.128	99%	52