Check an IP Address, Domain Name, Subnet, or ASN

74.235.122.210 was found in our database!

$ whois 74.235.122.210

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 74.235.122.210scoring →

confidence

92%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 9, 2026

last_reported·Mar 9, 2026

sessions·173

events·213

reports·1

$ sikker protocols 74.235.122.210

HTTPS

43 / 58

SSH

22 / 27

HTTP

15 / 24

SMTP

16 / 21

MONGODB

12 / 18

SMB

10 / 10

TELNET

10 / 10

ELASTICSEARCH

9 / 9

RDP

8 / 8

IMAP

8 / 8

POSTGRES

7 / 7

FTP

4 / 4

DOCKER

4 / 4

REDIS

3 / 3

SIP

2 / 2

MSSQL

0 / 0 / 1r

$ sikker summary 74.235.122.210

74.235.122.210 has a threat confidence score of 92%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 173 honeypot sessions and reported 1 times targeting HTTPS, SSH, HTTP, SMTP, MONGODB and 11 other protocols. First observed on January 20, 2026, most recently active April 22, 2026.

$ sikker behaviors 74.235.122.210catalog →

mediumSip Call Id Token At Ip2x

SIP activity where the Call-ID follows a token@IP format, a pattern commonly generated by automated scanners and SIP tooling rather than standard client implementations, indicating non-human or enumeration-driven behavior.

lowHttps Path Developmentserver Metadatauploader Probe1x

HTTPS request to /developmentserver/metadatauploader.

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 74.235.122.210

elastic_http_get_request11 http_method_get9 elastic_http_bad_request_path_probe7 mongodb_buildinfo6 docker_get_method4 smtp_ehlo_greeting4 sip_call_id_token_at_ip2 redis_info_lowercase1 http_path_bad_request1 redis_mglndd_client_identifier_tag1 https_path_developmentserver_metadatauploader1

$ sikker reports 74.235.122.210submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 9, 2026, 17:13	Brute Force	MSSQL	SikkerGuard: 2 blocked packets

$ sikker related 74.235.122.210

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.168.120.227	94%	205
172.203.234.251	51%	566
20.65.195.109	93%	208
135.233.97.43	76%	156
20.168.123.252	66%	84

IP Address	Confidence	Events
66.228.42.14	40%	3
66.240.223.208	99%	239
185.218.138.26	97%	22,584
209.127.178.131	96%	7,158
43.159.148.221	45%	65