Check an IP Address, Domain Name, Subnet, or ASN

162.216.149.187 was found in our database!

$ whois 162.216.149.187

country·🇺🇸 United States

city·North Charleston

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 162.216.149.187scoring →

confidence

79%High

first_seen·Jan 25, 2026

last_seen·3h ago

sessions·97

events·125

$ sikker protocols 162.216.149.187

SMTP

44 / 59

SIP

14 / 25

RDP

8 / 8

MSSQL

6 / 6

TELNET

6 / 6

MONGODB

6 / 6

REDIS

5 / 5

HTTP

1 / 3

SSH

2 / 2

FTP

1 / 1

RTSP

1 / 1

HTTPS

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 162.216.149.187

162.216.149.187 has a threat confidence score of 79%. This IP address from United States (AS396982, Google LLC) has been observed in 97 honeypot sessions targeting SMTP, SIP, RDP, MSSQL, TELNET and 9 other protocols. First observed on January 25, 2026, most recently active April 14, 2026.

$ sikker behaviors 162.216.149.187catalog →

mediumRdp Legacy Plaintext Authentication Attempt2x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 162.216.149.187

smtp_ehlo_greeting15 sip_call_id_alphanumeric_entropy8 redis_command_ff3 redis_command_32c03840666aa2a3353 redis_command_cc676b33393c3d2f35c03 docker_get_method2 docker_bad_request_uri2 mongodb_serverstatus_float_command2 rdp_legacy_plaintext_authenthication2 rtsp_options1 http_method_get1 https_path_root1 elastic_root_path_probe1 elastic_http_get_request1

$ sikker related 162.216.149.187

Report IP WHOIS Lookup →

IP Address	Confidence	Events
147.185.132.43	99%	401
34.53.158.15	99%	145
8.229.49.198	19%	2
198.235.24.100	98%	370
198.235.24.55	96%	264

IP Address	Confidence	Events
181.215.65.163	64%	311
3.130.168.2	100%	39,358
16.58.56.214	100%	48,992
205.210.31.197	99%	381
184.105.247.194	100%	3,292