Check an IP Address, Domain Name, Subnet, or ASN

167.71.35.23 was found in our database!

$ whois 167.71.35.23

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 167.71.35.23scoring →

confidence

90%Very High

first_seen·Apr 18, 2026

last_seen·27m ago

sessions·128

events·128

$ sikker protocols 167.71.35.23

SMTP

47 / 47

FTP

44 / 44

HTTP

16 / 16

HTTPS

12 / 12

IMAP

8 / 8

SSH

1 / 1

$ sikker summary 167.71.35.23

167.71.35.23 has a threat confidence score of 90%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 128 honeypot sessions targeting SMTP, FTP, HTTP, HTTPS, IMAP and 1 other protocols. First observed on April 18, 2026, most recently active April 19, 2026.

$ sikker behaviors 167.71.35.23catalog →

infoHttp Http Method Get5x

HTTP request using GET method.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe4x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoFtp Tls Upgrade3x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 167.71.35.23

empty_ftp_command55 http_method_get10 ftp_auth_tls4 smtp_ehlo_greeting4 smtp_starttls_upgrade_request4 https_path_root3 http_path_bad_request2

$ sikker related 167.71.35.23

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→SMTP·More threats targetingSMTP→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→IMAP·More threats targetingIMAP→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.22.218.119	93%	11,638
167.172.247.186	23%	1
168.144.30.136	52%	12
142.93.145.126	94%	1,852
138.197.16.14	92%	1,477

IP Address	Confidence	Events
172.86.67.130	100%	1,561
193.24.210.169	78%	5,159
87.98.245.221	100%	17,290
87.98.242.75	97%	27,722
216.24.213.226	88%	14,847