Check an IP Address, Domain Name, Subnet, or ASN

172.236.228.229 was found in our database!

$ whois 172.236.228.229

country·🇺🇸 United States

city·Los Angeles

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 172.236.228.229scoring →

confidence

91%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·975

events·1,712

$ sikker protocols 172.236.228.229

SSH

520 / 817

HTTP

80 / 163

FTP

26 / 153

REDIS

33 / 126

HTTPS

72 / 101

TELNET

44 / 70

IMAP

43 / 66

SIP

34 / 60

POSTGRES

36 / 36

MONGODB

18 / 32

RTSP

14 / 29

SMB

28 / 28

DOCKER

7 / 11

MSSQL

10 / 10

ELASTICSEARCH

8 / 8

RDP

2 / 2

$ sikker summary 172.236.228.229

172.236.228.229 has a threat confidence score of 91%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 975 honeypot sessions targeting SSH, HTTP, FTP, REDIS, HTTPS and 11 other protocols. First observed on January 21, 2026, most recently active March 25, 2026.

$ sikker behaviors 172.236.228.229catalog →

lowFtp Control Channel Protocol Anomaly11x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttps Root Path Request27x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request18x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 172.236.228.229

ftp_control_channel_binary_payload49 https_path_root29 empty_ftp_command28 http_method_get18 docker_get_method8 elastic_root_path_probe8 elastic_http_get_request8 redis_command_http_host_header_port_63796 docker_bad_request_uri2

$ sikker related 172.236.228.229

Report IP WHOIS Lookup →

IP Address	Confidence	Events
139.144.31.132	73%	57
192.81.129.75	59%	68
50.116.56.63	95%	64
45.79.180.118	45%	5
173.255.225.198	23%	1

IP Address	Confidence	Events
45.61.184.223	99%	8,271
124.198.132.174	100%	609
185.218.138.16	97%	6,242
92.118.39.62	100%	377,089
185.218.138.3	97%	5,592