Check an IP Address, Domain Name, Subnet, or ASN

160.119.76.55 was found in our database!

$ whois 160.119.76.55

country·🇸🇨 Seychelles

isp·HostUS

asn·AS7489

network·Standard

$ sikker risk 160.119.76.55scoring →

confidence

96%Very High

first_seen·Mar 13, 2026

last_seen·10m ago

first_reported·Mar 15, 2026

last_reported·11d ago

sessions·760

events·760

reports·15

$ sikker protocols 160.119.76.55

HTTPS

163 / 163 / 1r

HTTP

123 / 123 / 2r

IMAP

72 / 72

SMB

55 / 55 / 2r

REDIS

48 / 48 / 1r

FTP

41 / 41 / 1r

SSH

40 / 40 / 2r

SMTP

38 / 38 / 2r

RDP

38 / 38

MSSQL

34 / 34 / 1r

TELNET

30 / 30 / 1r

POSTGRES

26 / 26

MONGODB

25 / 25 / 1r

ELASTICSEARCH

16 / 16

RTSP

8 / 8

DOCKER

3 / 3

MYSQL

0 / 0 / 1r

$ sikker summary 160.119.76.55

160.119.76.55 has a threat confidence score of 96%. This IP address from Seychelles (AS7489, HostUS) has been observed in 760 honeypot sessions and reported 15 times targeting HTTPS, HTTP, IMAP, SMB, REDIS and 12 other protocols. First observed on March 13, 2026, most recently active March 27, 2026.

$ sikker behaviors 160.119.76.55catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 160.119.76.55

http_method_get17 elastic_root_path_probe16 elastic_http_get_request16 redis_ping15 ftp_control_channel_binary_payload9 https_path_root6 docker_get_method2 docker_bad_request_uri2 rtsp_options1

$ sikker reports 160.119.76.55submit →

Showing 5 of 15 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 15, 2026, 16:59	Brute Force	SMTP	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 16:54	Brute Force	MSSQL	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 16:44	Brute Force	HTTPS	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 16:39	Brute Force	SMTP	SikkerGuard: 4 blocked packets
User	Mar 15, 2026, 16:34	Brute Force	SSH	SikkerGuard: 2 blocked packets

1 / 3

$ sikker related 160.119.76.55

Report IP WHOIS Lookup →

IP Address	Confidence	Events
216.189.157.132	100%	1,140
45.58.52.3	23%	1

IP Address	Confidence	Events
160.119.76.63	81%	287
160.119.76.50	89%	523
154.197.141.9	44%	6
160.119.76.61	85%	322
45.195.221.26	100%	990