Check an IP Address, Domain Name, Subnet, or ASN

205.210.31.132 was found in our database!

$ whois 205.210.31.132

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 205.210.31.132scoring →

confidence

88%Very High

first_seen·Jan 23, 2026

last_seen·2h ago

first_reported·Mar 5, 2026

last_reported·11d ago

sessions·123

events·139

reports·1

$ sikker protocols 205.210.31.132

SMB

34 / 34

HTTP

19 / 21

HTTPS

13 / 15

FTP

13 / 13

IMAP

12 / 12

SSH

9 / 11

SIP

2 / 7

SMTP

5 / 6 / 1r

WINRM

2 / 6

TELNET

4 / 4

RTSP

3 / 3

MONGODB

3 / 3

MSSQL

2 / 2

RDP

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 205.210.31.132

205.210.31.132 has a threat confidence score of 88%. This IP address from United States (AS396982, Google LLC) has been observed in 123 honeypot sessions and reported 1 times targeting SMB, HTTP, HTTPS, FTP, IMAP and 10 other protocols. First observed on January 23, 2026, most recently active March 17, 2026.

$ sikker behaviors 205.210.31.132catalog →

lowRtsp Options Probe3x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade8x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 205.210.31.132

http_method_get12 ftp_auth_tls8 https_path_root4 rtsp_options3 http_path_bad_request3 imap_capability_probe1 elastic_root_path_probe1 elastic_http_get_request1

$ sikker reports 205.210.31.132submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 5, 2026, 18:41	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 205.210.31.132

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.78.250.111	65%	41
35.203.210.28	81%	202
34.77.251.30	62%	31
34.158.79.105	100%	20,634
35.240.62.18	99%	213

IP Address	Confidence	Events
172.245.195.18	98%	4,623
40.117.97.0	100%	896
146.190.65.168	77%	11
146.190.68.133	83%	116
162.254.3.130	87%	10,217