Check an IP Address, Domain Name, Subnet, or ASN

216.180.246.200 was found in our database!

$ whois 216.180.246.200

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 216.180.246.200scoring →

confidence

86%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·6d ago

sessions·86

events·111

reports·1

$ sikker protocols 216.180.246.200

HTTP

25 / 35 / 1r

SMB

18 / 18

SSH

10 / 13

IMAP

8 / 8

HTTPS

8 / 8

TELNET

6 / 8

MONGODB

3 / 7

POSTGRES

4 / 7

FTP

2 / 5

RTSP

2 / 2

$ sikker summary 216.180.246.200

216.180.246.200 has a threat confidence score of 86%. This IP address from United States (AS396982, Google LLC) has been observed in 86 honeypot sessions and reported 1 times targeting HTTP, SMB, SSH, IMAP, HTTPS and 5 other protocols. First observed on January 23, 2026, most recently active March 21, 2026.

$ sikker behaviors 216.180.246.200catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 216.180.246.200

http_method_get14 mongodb_serverstatus3 rtsp_options2 http_path_bad_request2 ftp_auth_tls1 rtsp_describe1

$ sikker reports 216.180.246.200submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 14, 2026, 10:55	Brute Force	HTTP	SikkerGuard: 32 blocked packets

$ sikker related 216.180.246.200

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→HTTP·More threats targetingHTTP→SMB·More threats targetingSMB→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→MONG·More threats targetingMONGODB→POST·More threats targetingPOSTGRES→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
162.216.150.89	63%	134
147.185.133.161	63%	148
162.216.149.170	82%	197
205.210.31.186	96%	234
34.38.83.65	100%	866

IP Address	Confidence	Events
38.54.104.5	97%	372
3.129.187.38	100%	29,147
162.216.150.89	63%	134
162.142.125.116	50%	2,762
185.242.226.39	98%	1,992