Check an IP Address, Domain Name, Subnet, or ASN

162.216.149.170 was found in our database!

$ whois 162.216.149.170

country·🇺🇸 United States

city·North Charleston

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 162.216.149.170scoring →

confidence

82%Very High

first_seen·Jan 28, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·13d ago

sessions·146

events·209

reports·1

$ sikker protocols 162.216.149.170

SMTP

54 / 68

SIP

22 / 49

SSH

21 / 21

MSSQL

21 / 21

HTTPS

8 / 17

REDIS

4 / 10

HTTP

6 / 7

MONGODB

3 / 7

SMB

4 / 6

POSTGRES

2 / 2

RTSP

1 / 1 / 1r

$ sikker summary 162.216.149.170

162.216.149.170 has a threat confidence score of 82%. This IP address from United States (AS396982, Google LLC) has been observed in 146 honeypot sessions and reported 1 times targeting SMTP, SIP, SSH, MSSQL, HTTPS and 6 other protocols. First observed on January 28, 2026, most recently active March 21, 2026.

$ sikker behaviors 162.216.149.170catalog →

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation3x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 162.216.149.170

smtp_ehlo_greeting24 sip_call_id_alphanumeric_entropy8 http_method_get6 mongodb_serverstatus3 redis_info_uppercase3 https_path_root1

$ sikker reports 162.216.149.170submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 8, 2026, 02:42	Brute Force	RTSP	SikkerGuard: 2 blocked packets

$ sikker related 162.216.149.170

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→SMTP·More threats targetingSMTP→SIP·More threats targetingSIP→SSH·More threats targetingSSH→MSSQ·More threats targetingMSSQL→HTTP·More threats targetingHTTPS→REDI·More threats targetingREDIS→HTTP·More threats targetingHTTP→MONG·More threats targetingMONGODB→SMB·More threats targetingSMB→POST·More threats targetingPOSTGRES→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
198.235.24.33	83%	136
205.210.31.36	90%	203
198.235.24.71	92%	344
34.123.42.157	95%	535
198.235.24.174	97%	285

IP Address	Confidence	Events
38.54.104.5	97%	582
68.183.119.68	68%	53
16.58.56.214	100%	31,574
170.106.167.247	95%	943
20.83.185.81	70%	135