Check an IP Address, Domain Name, Subnet, or ASN

217.9.250.84 was found in our database!

$ whois 217.9.250.84

country·🇱🇹 Lithuania

isp·Cyberzone S.A.

asn·AS209854

network·Standard

$ sikker risk 217.9.250.84scoring →

confidence

86%Very High

first_seen·Mar 31, 2026

last_seen·13d ago

sessions·327

events·327

$ sikker protocols 217.9.250.84

HTTPS

141 / 141

SIP

106 / 106

HTTP

43 / 43

RDP

22 / 22

SMTP

7 / 7

SSH

5 / 5

DOCKER

3 / 3

$ sikker summary 217.9.250.84

217.9.250.84 has a threat confidence score of 86%. This IP address from Lithuania (AS209854, Cyberzone S.A.) has been observed in 327 honeypot sessions targeting HTTPS, SIP, HTTP, RDP, SMTP and 2 other protocols. First observed on March 31, 2026, most recently active April 5, 2026.

$ sikker behaviors 217.9.250.84catalog →

infoHttps Root Path Request11x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 217.9.250.84

https_path_root11 docker_get_method11 docker_bad_request_uri11 http_method_get1 http_path_bad_request1 https_path_bad_request1

$ sikker related 217.9.250.84

🇱🇹·More threats fromLithuania→AS·More threats fromCyberzone S.A.→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→SMTP·More threats targetingSMTP→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
92.62.120.134	94%	113
172.216.11.43	56%	11
89.117.42.76	34%	2
82.140.187.46	95%	20
89.117.42.36	45%	1

IP Address	Confidence	Events
141.98.11.59	100%	16,362
141.98.9.61	70%	8
213.130.207.177	32%	83
185.237.185.6	89%	237
185.36.81.23	67%	476