Check an IP Address, Domain Name, Subnet, or ASN

35.203.210.160 was found in our database!

$ whois 35.203.210.160

country·🇬🇧 United Kingdom

city·City of London

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 35.203.210.160scoring →

confidence

85%Very High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Feb 27, 2026

last_reported·27d ago

sessions·104

events·166

reports·1

$ sikker protocols 35.203.210.160

SMTP

42 / 79 / 1r

REDIS

8 / 28

MONGODB

14 / 18

SIP

14 / 14

MSSQL

13 / 13

RTSP

7 / 7

SSH

2 / 2

HTTP

2 / 2

TELNET

1 / 2

HTTPS

1 / 1

$ sikker summary 35.203.210.160

35.203.210.160 has a threat confidence score of 85%. This IP address from United Kingdom (AS396982, Google LLC) has been observed in 104 honeypot sessions and reported 1 times targeting SMTP, REDIS, MONGODB, SIP, MSSQL and 5 other protocols. First observed on January 24, 2026, most recently active March 26, 2026.

$ sikker behaviors 35.203.210.160catalog →

lowRtsp Options Probe5x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoRedis Info Command Invocation6x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 35.203.210.160

smtp_ehlo_greeting25 redis_info_uppercase6 rtsp_options5 mongodb_serverstatus_float_command4 http_method_get2 sip_call_id_alphanumeric_entropy2 https_path_root1

$ sikker reports 35.203.210.160submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 27, 2026, 04:16	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 35.203.210.160

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromGoogle LLC→SMTP·More threats targetingSMTP→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→SIP·More threats targetingSIP→MSSQ·More threats targetingMSSQL→RTSP·More threats targetingRTSP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
147.185.132.16	98%	386
34.79.177.120	98%	88
205.210.31.32	84%	176
34.52.186.237	99%	78
147.185.132.45	98%	309

IP Address	Confidence	Events
194.213.3.5	96%	4,477
91.103.143.74	95%	779
78.153.140.250	99%	1,729
51.89.235.201	89%	57,816
87.236.176.19	85%	479