IP Risk Score: 64 / 100

This IP presents a moderate risk and may be associated with automated activity. Moderate behavioral signals suggest possible automated probing or scanning. This assessment is backed by strong and consistent detection signals. The combined signals place this IP in a moderate risk category. Monitoring is recommended, with defensive action considered if activity continues.

Detect suspicious IPs early

What is this IP address?

IP Address: 152.254.167.194

Country: Brazil flag

Brazil (BR)

Region Name: São Paulo (SP)

City: São Paulo

ISP: Vivo

Organization: TELEF�NICA BRASIL S.A

Threat level: 64 / 100
Conf. level: 100 / 100

Properties

ASN: AS27699

AS Name: TELEFÔNICA BRASIL S.A

Timezone: America/Sao_Paulo

Reverse DNS: 152-254-167-194.user.vivozap.com.br

Status: Suspicious

Observed Client Profile

OS: Android (100%)
Device Type: Mobile (100%)
Browser Family: Chrome (100%)
Rendering Engine: Gecko (100%)

Behavioral Indicators

The IP shows signs of automated behavior with a non-standard user-agent and no JavaScript support. The request pattern indicates potential probing activity, particularly targeting an external IP. The RDNS does not point to a known cloud provider, but the overall behavior raises concerns.

The supernet (152.254.0.0/16), which this IP belongs to, exhibits signs of coordinated behavior with multiple IPs showing repetitive, low-interaction visits to the same site, suggesting potential automation or scraping activity. The lack of forward DNS matches and the use of identical RDNS entries across the IPs raise concerns about the legitimacy of the traffic.

🕸️

Botnet Node

JavaScript Support

⚠️ No

User-Agent Samples

Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.9545.1055 Mobile Safari/537.36

Integrate IPIntel into your system

IP Location

Region: São Paulo, Brazil

City: São Paulo

Local time: 2026-06-23 07:07:00

Subnet
152.254.167.0/24
Supernet
152.254.0.0/16