Check an IP Address, Domain Name, Subnet, or ASN

172.236.228.245 was found in our database!

$ whois 172.236.228.245

country·🇺🇸 United States

city·Los Angeles

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 172.236.228.245scoring →

confidence

93%Very High

first_seen·Jan 20, 2026

last_seen·2h ago

sessions·1,007

events·1,734

$ sikker protocols 172.236.228.245

SSH

494 / 738

HTTP

93 / 186

REDIS

40 / 139

FTP

20 / 138

HTTPS

78 / 137

RTSP

30 / 82

TELNET

48 / 72

IMAP

45 / 65

SIP

34 / 38

SMB

35 / 35

MONGODB

20 / 26

MSSQL

24 / 24

POSTGRES

22 / 22

DOCKER

7 / 13

RDP

10 / 10

ELASTICSEARCH

6 / 6

TR069

1 / 3

$ sikker summary 172.236.228.245

172.236.228.245 has a threat confidence score of 93%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 1,007 honeypot sessions targeting SSH, HTTP, REDIS, FTP, HTTPS and 12 other protocols. First observed on January 20, 2026, most recently active March 18, 2026.

$ sikker behaviors 172.236.228.245catalog →

lowFtp Control Channel Protocol Anomaly11x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

infoHttps Root Path Request24x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request21x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 172.236.228.245

ftp_control_channel_binary_payload61 empty_ftp_command35 http_method_get25 https_path_root24 docker_get_method16 docker_bad_request_uri10 redis_command_http_host_header_port_63798 elastic_root_path_probe6 elastic_http_get_request6 http_path_bad_request3

$ sikker related 172.236.228.245

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.104.93.159	70%	922
139.162.116.22	55%	824
45.79.181.94	90%	1,900
45.79.172.21	92%	1,790
172.236.228.115	91%	1,819

IP Address	Confidence	Events
167.94.138.57	30%	1,383
64.64.116.14	81%	467
65.49.1.132	100%	1,357
3.130.168.2	100%	23,335
172.98.33.180	81%	469