Check an IP Address, Domain Name, Subnet, or ASN

162.216.149.137 was found in our database!

$ whois 162.216.149.137

country·🇺🇸 United States

city·North Charleston

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 162.216.149.137scoring →

confidence

73%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·119

events·172

$ sikker protocols 162.216.149.137

SMTP

29 / 55

SSH

25 / 29

RDP

20 / 20

SIP

6 / 17

HTTPS

11 / 17

MSSQL

11 / 11

HTTP

6 / 10

SMB

4 / 6

POSTGRES

5 / 5

DOCKER

1 / 1

TELNET

1 / 1

$ sikker summary 162.216.149.137

162.216.149.137 has a threat confidence score of 73%. This IP address from United States (AS396982, Google LLC) has been observed in 119 honeypot sessions targeting SMTP, SSH, RDP, SIP, HTTPS and 6 other protocols. First observed on January 23, 2026, most recently active March 22, 2026.

$ sikker behaviors 162.216.149.137catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 162.216.149.137

smtp_ehlo_greeting16 http_method_get4 sip_call_id_alphanumeric_entropy4 https_path_root3 docker_get_method2 docker_bad_request_uri2 rdp_legacy_plaintext_authenthication1

$ sikker related 162.216.149.137

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→SMTP·More threats targetingSMTP→SSH·More threats targetingSSH→RDP·More threats targetingRDP→SIP·More threats targetingSIP→HTTP·More threats targetingHTTPS→MSSQ·More threats targetingMSSQL→HTTP·More threats targetingHTTP→SMB·More threats targetingSMB→POST·More threats targetingPOSTGRES→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
198.235.24.159	94%	136
198.235.24.6	87%	157
216.180.246.89	69%	135
147.185.132.49	98%	267
35.203.210.223	66%	121

IP Address	Confidence	Events
3.134.216.108	100%	8,799
92.118.39.87	100%	251,743
92.118.39.92	100%	104,213
198.235.24.159	94%	136
147.93.179.130	100%	101