Check an IP Address, Domain Name, Subnet, or ASN

178.16.54.138 was found in our database!

$ whois 178.16.54.138

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Omegatech LTD

asn·AS202412

network·Standard

$ sikker risk 178.16.54.138scoring →

confidence

91%Very High

first_seen·Feb 19, 2026

last_seen·2h ago

first_reported·Feb 27, 2026

last_reported·Feb 27, 2026

sessions·47

events·47

reports·1

$ sikker protocols 178.16.54.138

SMTP

47 / 47 / 1r

$ sikker summary 178.16.54.138

178.16.54.138 has a threat confidence score of 91%. This IP address from The Netherlands (AS202412, Omegatech LTD) has been observed in 47 honeypot sessions and reported 1 times targeting SMTP protocols. Detected attack patterns include smtp open relay probe. First observed on February 19, 2026, most recently active April 7, 2026.

$ sikker behaviors 178.16.54.138catalog →

highSmtp Open Relay Probe5x

Automated SMTP interaction sequence consistent with open-relay validation or spam delivery testing. The client performs a full transaction flow (EHLO → RSET → MAIL FROM → RCPT TO → DATA → QUIT) and submits a minimal test message containing known probe markers such as t_Smtp.LocalIP. This pattern indicates scripted activity attempting to confirm whether the server allows unauthenticated message relaying or outbound mail submission. Such behavior is commonly observed from spam bot infrastructure validating targets before larger abuse campaigns.

infoSmtp Tls Capability Probe3x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 178.16.54.138

smtp_rcpt_to_recipient_declaration76 smtp_ehlo_greeting31 smtp_data_message_submission31 smtp_mail_from_envelope_sender31 smtp_rset_session_reset27 smtp_body_localip_probe_marker15 smtp_quit_session_termination9 smtp_helo_greeting3 smtp_starttls_upgrade_request3

$ sikker reports 178.16.54.138submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 27, 2026, 09:16	Brute Force	SMTP	SikkerGuard: 18 blocked packets

$ sikker related 178.16.54.138

🇳🇱·More threats fromThe Netherlands→AS·More threats fromOmegatech LTD→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
130.12.180.174	91%	4,935
130.12.180.51	100%	25,200
94.154.35.215	93%	39,934
158.94.211.220	82%	34
91.92.240.214	89%	682

IP Address	Confidence	Events
89.190.156.148	43%	5
45.148.10.192	100%	30,002
45.148.10.240	100%	532,867
185.242.3.105	93%	1,031
176.65.149.253	98%	1,612