Check an IP Address, Domain Name, Subnet, or ASN

173.255.229.153 was found in our database!

$ whois 173.255.229.153

country·🇺🇸 United States

city·Cedar Knolls

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 173.255.229.153scoring →

confidence

97%Very High

first_seen·Jan 22, 2026

last_seen·18m ago

sessions·168

events·184

$ sikker protocols 173.255.229.153

SSH

124 / 130

SMTP

22 / 22

HTTPS

6 / 9

RTSP

7 / 7

SIP

2 / 6

HTTP

2 / 5

POSTGRES

4 / 4

IMAP

1 / 1

$ sikker summary 173.255.229.153

173.255.229.153 has a threat confidence score of 97%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 168 honeypot sessions targeting SSH, SMTP, HTTPS, RTSP, SIP and 3 other protocols. First observed on January 22, 2026, most recently active April 5, 2026.

$ sikker behaviors 173.255.229.153catalog →

mediumScp Quiet Remote File Upload45x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

lowRtsp Options Probe3x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 173.255.229.153

ssh_uname_single_flag_query_via_awk216 scp_quiet_to_mode_file_transfer135 ssh_uname_s_v_n_r_m72 ssh_nproc_available_cpu_count72 ssh_uname_machine_architecture72 ssh_uptime_text_parsing_pipeline72 ssh_nvidia_smi_product_name_filter72 ssh_lscpu_model_name_field_extraction72 ssh_lspci_vga_and_3d_controller_enumeration72 ssh_nvidia_smi_product_name_gpu_count_query72 rtsp_options3 http_method_get1 smtp_ehlo_greeting1 smtp_starttls_upgrade_request1

$ sikker related 173.255.229.153

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→SSH·More threats targetingSSH→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→RTSP·More threats targetingRTSP→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→POST·More threats targetingPOSTGRES→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.105.197.151	80%	1,242
104.200.30.21	33%	5
104.200.30.146	22%	2
69.164.213.100	98%	204
45.79.184.97	21%	7

IP Address	Confidence	Events
206.119.172.85	43%	1
23.150.40.138	98%	1,978
198.235.24.14	96%	234
147.185.132.90	97%	393
71.184.116.177	79%	1,102