3.134.216.108 — Amazon.com, Inc., US — Very High (97%)

Check an IP Address, Domain Name, Subnet, or ASN

3.134.216.108 was found in our database!

Confidence Level

97%

Very High?

Geolocation

🇺🇸

United StatesColumbus

ISPAmazon.com, Inc.

ASNAS16509

Activity Timeline

First seenFeb 11, 2026, 11:04 AM

Last seen2d ago

2,961Sessions

3,676Events

Protocol Breakdown

SMTP

175 / 585

HTTP

539 / 540

IMAP

400 / 413

HTTPS

355 / 356

REDIS

140 / 300

SIP

170 / 296

RTSP

258 / 262

SSH

201 / 201

POSTGRES

172 / 172

TELNET

169 / 169

MONGODB

118 / 118

SMB

104 / 104

MSSQL

63 / 63

FTP

57 / 57

ELASTICSEARCH

38 / 38

DOCKER

2 / 2

3.134.216.108 has a very high threat confidence level of 97%, originating from Columbus, United States, on the Amazon.com, Inc. network (16509). It has been observed across 2,961 sessions targeting SMTP, HTTP, IMAP, HTTPS, REDIS and 11 other protocols, First observed on February 11, 2026, most recently active February 28, 2026.

Behaviors

Classified behavioral patterns observed

Redis Service Fingerprint Enumeration

low17x

Identifies Redis service discovery and basic environment enumeration where an actor probes with invalid commands, validates availability using PING, retrieves server metadata via INFO (case variations), and gracefully exits with QUIT. This pattern is commonly used to fingerprint exposed Redis instances before exploitation.

Redis Automated Service Fingerprinting Sequence

low17x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

Https Root Path Request

info43x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Bad Request Route Probe

info3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Elastic Http Get Request169 Elastic Http Bad Request Path Probe108 Elastic Root Path Probe61 Https Path Root43 Redis Ping17 Redis Quit17 Mongodb Ismaster17 Redis Info Uppercase17 Redis Nonexistent Command17 Docker Get Method9 Docker Bad Request Uri5 Http Method Get3 Http Path Bad Request3

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
16.58.56.214	99%	17,546
43.200.46.150	41%	3
3.77.24.41	61%	799
18.116.101.220	99%	17,339
52.36.131.235	61%	786

IP Address	Confidence	Events
16.58.56.214	99%	17,564
184.105.247.196	99%	1,767
198.235.24.144	74%	73
44.220.188.39	55%	34
162.216.150.97	71%	116