Check an IP Address, Domain Name, Subnet, or ASN

216.180.246.89 was found in our database!

$ whois 216.180.246.89

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 216.180.246.89scoring →

confidence

70%High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·113

events·149

$ sikker protocols 216.180.246.89

HTTPS

60 / 68

HTTP

43 / 65

WINRM

3 / 6

MONGODB

2 / 5

SMTP

3 / 3

SSH

2 / 2

$ sikker summary 216.180.246.89

216.180.246.89 has a threat confidence score of 70%. This IP address from United States (AS396982, Google LLC) has been observed in 113 honeypot sessions targeting HTTPS, HTTP, WINRM, MONGODB, SMTP and 1 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 216.180.246.89catalog →

infoHttp Root Path Request14x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 216.180.246.89

http_method_get44 https_path_root2 http_path_bad_request2 smtp_ehlo_greeting1 smtp_starttls_upgrade_request1

$ sikker related 216.180.246.89

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→WINR·More threats targetingWINRM→MONG·More threats targetingMONGODB→SMTP·More threats targetingSMTP→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
216.180.246.35	64%	138
205.210.31.29	93%	179
34.77.191.38	100%	1,350
147.185.132.21	97%	307
34.81.42.153	100%	1,123

IP Address	Confidence	Events
159.223.153.15	33%	2
96.0.160.144	87%	21,272
66.132.172.105	85%	56
68.68.101.178	92%	4,581
92.118.39.63	100%	50,721