Check an IP Address, Domain Name, Subnet, or ASN

216.180.246.229 was found in our database!

$ whois 216.180.246.229

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 216.180.246.229scoring →

confidence

76%High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·105

events·146

$ sikker protocols 216.180.246.229

HTTP

47 / 75

HTTPS

39 / 46

SMTP

9 / 9

MONGODB

5 / 8

FTP

2 / 5

MSSQL

3 / 3

$ sikker summary 216.180.246.229

216.180.246.229 has a threat confidence score of 76%. This IP address from United States (AS396982, Google LLC) has been observed in 105 honeypot sessions targeting HTTP, HTTPS, SMTP, MONGODB, FTP and 1 other protocols. First observed on January 22, 2026, most recently active April 7, 2026.

$ sikker behaviors 216.180.246.229catalog →

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get3x

HTTP request using GET method.

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 216.180.246.229

http_method_get40 http_path_bad_request3 ftp_auth_tls1 https_path_root1 smtp_ehlo_greeting1 smtp_starttls_upgrade_request1 mongodb_serverstatus_float_command1

$ sikker related 216.180.246.229

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→MONG·More threats targetingMONGODB→FTP·More threats targetingFTP→MSSQ·More threats targetingMSSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.77.197.173	92%	33
34.53.158.15	96%	66
34.166.82.59	97%	396
205.210.31.192	97%	308
34.182.102.90	80%	8,758

IP Address	Confidence	Events
3.129.187.38	100%	40,192
185.218.138.21	97%	10,606
167.172.157.170	100%	7,226
137.184.65.234	100%	7,931
193.56.116.132	81%	481