Check an IP Address, Domain Name, Subnet, or ASN

162.216.149.200 was found in our database!

$ whois 162.216.149.200

country·🇺🇸 United States

city·North Charleston

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 162.216.149.200scoring →

confidence

76%High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·82

events·160

$ sikker protocols 162.216.149.200

SIP

34 / 68

MONGODB

17 / 35

SMTP

8 / 21

TELNET

5 / 10

REDIS

5 / 9

MSSQL

8 / 8

HTTP

3 / 7

RTSP

1 / 1

HTTPS

1 / 1

$ sikker summary 162.216.149.200

162.216.149.200 has a threat confidence score of 76%. This IP address from United States (AS396982, Google LLC) has been observed in 82 honeypot sessions targeting SIP, MONGODB, SMTP, TELNET, REDIS and 4 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 162.216.149.200catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoMongodb Serverstatus Discovery5x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

infoRedis Info Command Invocation3x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 162.216.149.200

sip_call_id_alphanumeric_entropy18 mongodb_serverstatus15 smtp_ehlo_greeting6 redis_info_uppercase3 http_method_get2 rtsp_options1 https_path_root1

$ sikker related 162.216.149.200

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→SIP·More threats targetingSIP→MONG·More threats targetingMONGODB→SMTP·More threats targetingSMTP→TELN·More threats targetingTELNET→REDI·More threats targetingREDIS→MSSQ·More threats targetingMSSQL→HTTP·More threats targetingHTTP→RTSP·More threats targetingRTSP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
147.185.133.237	61%	146
205.210.31.163	91%	245
147.185.133.21	69%	159
35.203.211.235	83%	124
162.216.149.208	75%	249

IP Address	Confidence	Events
185.218.138.21	97%	4,772
157.230.209.122	56%	15
92.118.39.92	100%	104,051
147.185.133.16	57%	129
198.143.149.250	96%	13,302