Check an IP Address, Domain Name, Subnet, or ASN

3.143.162.210 was found in our database!

$ whois 3.143.162.210

country·🇺🇸 United States

city·Columbus

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 3.143.162.210scoring →

confidence

98%Very High

first_seen·Feb 11, 2026

last_seen·24m ago

sessions·4,047

events·4,120

$ sikker protocols 3.143.162.210

RTSP

544 / 544

HTTPS

501 / 544

MSSQL

497 / 497

MONGODB

372 / 374

HTTP

315 / 317

SMTP

310 / 310

SIP

274 / 286

REDIS

243 / 256

IMAP

223 / 223

SSH

218 / 218

POSTGRES

189 / 189

SMB

156 / 157

ELASTICSEARCH

60 / 60

FTP

55 / 55

TELNET

54 / 54

RDP

36 / 36

$ sikker summary 3.143.162.210

3.143.162.210 has a threat confidence score of 98%. This IP address from United States (AS16509, Amazon.com, Inc.) has been observed in 4,047 honeypot sessions targeting RTSP, HTTPS, MSSQL, MONGODB, HTTP and 11 other protocols. First observed on February 11, 2026, most recently active March 16, 2026.

$ sikker behaviors 3.143.162.210catalog →

lowRedis Automated Service Fingerprinting Sequence16x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

lowRedis Service Fingerprint Enumeration13x

Identifies Redis service discovery and basic environment enumeration where an actor probes with invalid commands, validates availability using PING, retrieves server metadata via INFO (case variations), and gracefully exits with QUIT. This pattern is commonly used to fingerprint exposed Redis instances before exploitation.

infoHttps Root Path Request65x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request48x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe21x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 3.143.162.210

elastic_http_get_request285 elastic_http_bad_request_path_probe171 elastic_root_path_probe114 http_method_get99 https_path_root66 mongodb_ismaster50 http_path_bad_request48 redis_ping22 redis_command_http_host_header_port_637922 redis_info_uppercase21 redis_nonexistent_command21 redis_quit16

$ sikker related 3.143.162.210

Report IP WHOIS Lookup →

IP Address	Confidence	Events
3.151.241.153	98%	4,022
13.158.27.71	95%	403
52.196.112.196	51%	4
3.131.220.121	99%	14,211
96.0.160.144	87%	10,815

IP Address	Confidence	Events
167.94.138.183	30%	2,540
92.118.39.63	100%	40,547
206.168.34.37	30%	1,910
73.2.221.162	51%	373
208.3.195.65	100%	91,200