Check an IP Address, Domain Name, Subnet, or ASN

23.239.29.226 was found in our database!

$ whois 23.239.29.226

country·🇺🇸 United States

city·Richardson

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 23.239.29.226scoring →

confidence

62%High

first_seen·Mar 7, 2026

last_seen·1h ago

sessions·29

events·29

$ sikker protocols 23.239.29.226

HTTPS

16 / 16

RDP

4 / 4

IMAP

3 / 3

SMTP

2 / 2

DOCKER

1 / 1

TELNET

1 / 1

MONGODB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 23.239.29.226

23.239.29.226 has a threat confidence score of 62%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 29 honeypot sessions targeting HTTPS, RDP, IMAP, SMTP, DOCKER and 3 other protocols. First observed on March 7, 2026, most recently active April 22, 2026.

$ sikker behaviors 23.239.29.226catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 23.239.29.226

docker_get_method14 elastic_http_get_request14 docker_bad_request_uri12 elastic_http_bad_request_path_probe12 elastic_root_path_probe2 mongodb_ismaster1 rdp_nla_ntlm_auth1 smtp_ehlo_greeting1 https_auth_html_access1 smtp_starttls_upgrade_request1

$ sikker related 23.239.29.226

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.228.53.4	91%	1,155
139.162.117.40	70%	1,068
66.228.38.9	16%	8
66.228.38.168	25%	5
173.255.232.124	79%	152

IP Address	Confidence	Events
68.178.166.155	11%	16
64.78.245.164	39%	9
3.91.185.242	95%	194
216.226.76.20	60%	6
161.35.117.174	63%	15