Check an IP Address, Domain Name, Subnet, or ASN

152.32.206.49 was found in our database!

$ whois 152.32.206.49

country·🇺🇸 United States

city·Reston

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 152.32.206.49scoring →

confidence

85%Very High

first_seen·Feb 4, 2026

last_seen·1h ago

sessions·228

events·293

$ sikker protocols 152.32.206.49

IMAP

57 / 79

SIP

48 / 62

SMB

29 / 43

HTTP

22 / 35

MSSQL

22 / 22

SMTP

21 / 21

POSTGRES

16 / 18

REDIS

9 / 9

SSH

4 / 4

$ sikker summary 152.32.206.49

152.32.206.49 has a threat confidence score of 85%. This IP address from United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 228 honeypot sessions targeting IMAP, SIP, SMB, HTTP, MSSQL and 4 other protocols. First observed on February 4, 2026, most recently active March 30, 2026.

$ sikker behaviors 152.32.206.49catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc2x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

mediumSrvsvc Share Enumeration1x

SMB session opening IPC$, accessing and binding to the srvsvc pipe, then reading the root directory. Enumerates available shares without further traversal.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 152.32.206.49

http_method_get7 smb_root_read4 smb_srvsvc_rpc_bind4 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_srvsvc_pipe_open2 smtp_ehlo_greeting1 redis_info_lowercase1 http_path_bad_request1 http_path_config_json1

$ sikker related 152.32.206.49

🇺🇸·More threats fromUnited States→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→IMAP·More threats targetingIMAP→SIP·More threats targetingSIP→SMB·More threats targetingSMB→HTTP·More threats targetingHTTP→MSSQ·More threats targetingMSSQL→SMTP·More threats targetingSMTP→POST·More threats targetingPOSTGRES→REDI·More threats targetingREDIS→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.32.215.30	90%	40
45.43.63.34	95%	1,866
152.32.247.233	95%	350
118.193.59.4	74%	115
152.32.171.99	100%	879

IP Address	Confidence	Events
165.154.206.71	75%	172
66.210.241.74	78%	505
66.132.172.140	99%	252
104.243.32.182	99%	5,646
192.210.186.10	100%	3,238