Check an IP Address, Domain Name, Subnet, or ASN

216.180.246.198 was found in our database!

Confidence Level

83%

Very High?

Geolocation

🇺🇸

United States

ISPGoogle LLC

ASNAS396982

Activity Timeline

First seenJan 26, 2026, 06:36 PM

Last seen2h ago

105Sessions

123Events

Protocol Breakdown

HTTPS

52 / 59

SSH

22 / 25

HTTP

12 / 12

TELNET

8 / 8

RTSP

7 / 7

SMTP

2 / 6

REDIS

2 / 6

216.180.246.198 has a very high threat confidence level of 83%, originating from United States, on the Google LLC network (396982). It has been observed across 105 sessions targeting HTTPS, SSH, HTTP, TELNET, RTSP and 2 other protocols, First observed on January 26, 2026, most recently active March 11, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low4x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Rtsp Stream Enumeration

low3x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

Http Root Path Request

info5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Smtp Tls Capability Probe

info1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Http Method Get18 Rtsp Options7 Smtp Ehlo Greeting4 Smtp Starttls Upgrade Request4 Rtsp Describe3 Https Path Root1 Http Path Bad Request1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromGoogle LLC HTTPSMore threats targetingHTTPS SSHMore threats targetingSSH HTTPMore threats targetingHTTP TELNETMore threats targetingTELNET RTSPMore threats targetingRTSP SMTPMore threats targetingSMTP REDISMore threats targetingREDIS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
34.158.79.105	100%	12,312
205.210.31.51	90%	216
205.210.31.69	96%	280
205.210.31.223	94%	252
34.81.72.185	100%	728

IP Address	Confidence	Events
162.142.125.118	30%	2,777
3.90.6.14	72%	138
15.181.1.164	77%	242
34.230.71.135	66%	110
167.71.115.113	91%	3,884