172.236.228.38 — Akamai Connected Cloud, US — Very High (90%)

Check an IP Address, Domain Name, Subnet, or ASN

172.236.228.38 was found in our database!

Confidence Level

90%

Very High?

Geolocation

🇺🇸

United StatesLos Angeles

ISPAkamai Connected Cloud

ASNAS63949

Activity Timeline

First seenJan 20, 2026, 06:10 PM

Last seen14h ago

845Sessions

1,651Events

Protocol Breakdown

SSH

496 / 839

REDIS

26 / 137

RTSP

28 / 126

HTTP

61 / 125

HTTPS

55 / 98

FTP

16 / 94

IMAP

31 / 52

TELNET

24 / 41

MONGODB

22 / 33

SMB

32 / 32

SIP

16 / 30

POSTGRES

14 / 14

MSSQL

12 / 12

DOCKER

5 / 9

ELASTICSEARCH

5 / 5

WINRM

2 / 4

172.236.228.38 has a very high threat confidence level of 90%, originating from Los Angeles, United States, on the Akamai Connected Cloud network (63949). It has been observed across 845 sessions targeting SSH, REDIS, RTSP, HTTP, HTTPS and 11 other protocols, First observed on January 20, 2026, most recently active March 2, 2026.

Behaviors

Classified behavioral patterns observed

Ftp Control Channel Protocol Anomaly

low8x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

Http Root Path Request

info10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info9x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Bad Request Route Probe

info2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Ftp Control Channel Binary Payload39 Empty Ftp Command24 Http Method Get12 Https Path Root9 Elastic Root Path Probe5 Elastic Http Get Request5 Docker Get Method4 Redis Command Http Host Header Port 63794 Http Path Bad Request2

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
172.105.157.220	91%	373
172.105.197.151	75%	847
172.105.128.11	91%	1,501
172.236.228.208	90%	1,569
192.155.90.118	90%	1,618

IP Address	Confidence	Events
168.144.38.100	99%	84
157.245.142.197	77%	74
18.116.101.220	99%	17,008
34.135.179.84	26%	1
172.69.134.72	7%	667