Check an IP Address, Domain Name, Subnet, or ASN

172.234.237.248 was found in our database!

$ whois 172.234.237.248

country·🇺🇸 United States

city·Tukwila

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 172.234.237.248scoring →

confidence

96%Very High

first_seen·Jan 26, 2026

last_seen·1h ago

first_reported·Mar 18, 2026

last_reported·8d ago

sessions·377

events·436

reports·1

$ sikker protocols 172.234.237.248

RTSP

86 / 89 / 1r

HTTPS

61 / 61

POSTGRES

45 / 46

TELNET

38 / 38

REDIS

22 / 37

SSH

27 / 36

HTTP

15 / 33

MONGODB

27 / 27

SMB

26 / 26

FTP

10 / 23

RDP

8 / 8

IMAP

8 / 8

MSSQL

2 / 2

DOCKER

2 / 2

$ sikker summary 172.234.237.248

172.234.237.248 has a threat confidence score of 96%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 377 honeypot sessions and reported 1 times targeting RTSP, HTTPS, POSTGRES, TELNET, REDIS and 9 other protocols. Detected attack patterns include http git repository config exposure probe. First observed on January 26, 2026, most recently active March 26, 2026.

$ sikker behaviors 172.234.237.248catalog →

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

lowRtsp Options Probe22x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request13x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 172.234.237.248

rtsp_options37 https_path_root13 docker_get_method9 docker_bad_request_uri7 http_method_get5 mongodb_serverstatus_float_command3 redis_info_lowercase2 imap_capability_probe2 ftp_control_channel_binary_payload2 http_path_dotgit_config1

$ sikker reports 172.234.237.248submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 16:18	Brute Force	RTSP	SikkerGuard: 4 blocked packets

$ sikker related 172.234.237.248

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.105.128.13	92%	1,906
66.228.53.46	87%	785
172.236.228.193	97%	1,862
139.144.31.179	74%	75
45.79.195.162	36%	175

IP Address	Confidence	Events
208.110.64.186	96%	2,709
45.33.12.122	78%	1,446
45.79.5.11	75%	1,329
66.132.224.92	69%	9
45.79.207.71	78%	1,519