Check an IP Address, Domain Name, Subnet, or ASN

162.216.149.237 was found in our database!

$ whois 162.216.149.237

country·🇺🇸 United States

city·North Charleston

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 162.216.149.237scoring →

confidence

88%Very High

first_seen·Feb 2, 2026

last_seen·1h ago

first_reported·Feb 28, 2026

last_reported·21d ago

sessions·96

events·151

reports·1

$ sikker protocols 162.216.149.237

SIP

25 / 47

SMTP

25 / 47

RTSP

20 / 20 / 1r

MONGODB

7 / 16

MSSQL

12 / 12

TELNET

2 / 4

FTP

2 / 2

HTTP

2 / 2

HTTPS

1 / 1

$ sikker summary 162.216.149.237

162.216.149.237 has a threat confidence score of 88%. This IP address from United States (AS396982, Google LLC) has been observed in 96 honeypot sessions and reported 1 times targeting SIP, SMTP, RTSP, MONGODB, MSSQL and 4 other protocols. First observed on February 2, 2026, most recently active March 22, 2026.

$ sikker behaviors 162.216.149.237catalog →

lowRtsp Options Probe18x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 162.216.149.237

rtsp_options18 sip_call_id_alphanumeric_entropy15 smtp_ehlo_greeting10 http_method_get2 ftp_auth_tls1 https_path_root1

$ sikker reports 162.216.149.237submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 28, 2026, 17:15	Brute Force	RTSP	SikkerGuard: 2 blocked packets

$ sikker related 162.216.149.237

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→SIP·More threats targetingSIP→SMTP·More threats targetingSMTP→RTSP·More threats targetingRTSP→MONG·More threats targetingMONGODB→MSSQ·More threats targetingMSSQL→TELN·More threats targetingTELNET→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
35.203.210.80	66%	150
162.216.149.40	70%	160
162.216.149.233	59%	180
35.241.150.107	96%	56
35.203.210.170	61%	108

IP Address	Confidence	Events
5.253.86.23	97%	4,840
134.209.67.210	90%	91
198.211.112.202	39%	4
181.215.65.49	85%	2,514
216.218.206.66	100%	2,327