Check an IP Address, Domain Name, Subnet, or ASN

216.180.246.136 was found in our database!

$ whois 216.180.246.136

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 216.180.246.136scoring →

confidence

72%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·112

events·132

$ sikker protocols 216.180.246.136

HTTPS

34 / 38

SMTP

36 / 36

HTTP

19 / 19

SMB

18 / 18

REDIS

3 / 16

FTP

2 / 5

$ sikker summary 216.180.246.136

216.180.246.136 has a threat confidence score of 72%. This IP address from United States (AS396982, Google LLC) has been observed in 112 honeypot sessions targeting HTTPS, SMTP, HTTP, SMB, REDIS and 1 other protocols. First observed on January 23, 2026, most recently active March 17, 2026.

$ sikker behaviors 216.180.246.136catalog →

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 216.180.246.136

http_method_get29 https_path_root3 ftp_auth_tls1 smtp_ehlo_greeting1 http_path_bad_request1 smtp_starttls_upgrade_request1

$ sikker related 216.180.246.136

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTP→SMB·More threats targetingSMB→REDI·More threats targetingREDIS→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.182.102.90	81%	473
136.119.173.252	30%	2
198.235.24.104	94%	323
147.185.132.15	94%	299
205.210.31.201	97%	289

IP Address	Confidence	Events
40.80.204.175	77%	171
92.118.39.87	100%	247,163
96.0.160.144	87%	12,913
15.204.128.147	96%	1,027
162.254.3.130	87%	10,577