Check an IP Address, Domain Name, Subnet, or ASN

109.73.243.130 was found in our database!

$ whois 109.73.243.130

country·🇵🇸 Palestine

city·Ramallah

isp·Gemzo information technology Private Joint-Stock company

asn·AS51336

network·Standard

$ sikker risk 109.73.243.130scoring →

confidence

95%Very High

first_seen·Apr 9, 2026

last_seen·1h ago

sessions·166

events·166

$ sikker protocols 109.73.243.130

SIP

128 / 128

HTTP

20 / 20

HTTPS

18 / 18

$ sikker summary 109.73.243.130

109.73.243.130 has a threat confidence score of 95%. This IP address from Palestine (AS51336, Gemzo information technology Private Joint-Stock company) has been observed in 166 honeypot sessions targeting SIP, HTTP, HTTPS protocols. First observed on April 9, 2026, most recently active April 17, 2026.

$ sikker behaviors 109.73.243.130catalog →

mediumSip Invite Direct Call Attempt Structured4x

Automated SIP INVITE requests initiating direct call setup toward a numeric extension, indicating scripted VoIP interaction rather than passive capability probing. The client attempts to establish a call session (e.g., extension-to-extension dialing such as 100 → 100) using high-entropy Call-ID values, a pattern frequently associated with automated dialers, toll-fraud reconnaissance, or PBX abuse tooling. These interactions validate whether the endpoint accepts call initiation and may precede brute-force registration attempts, relay abuse, or fraudulent outbound call campaigns.

lowSip Options Capability Probe Structured124x

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

infoHttps Path Robots Txt14x

HTTPS request to /robots.txt.

infoHttp Fetch Robots Txt11x

HTTP GET request to /robots.txt.

$ sikker primitives 109.73.243.130

sip_call_id_long_numeric128 sip_call_id_alphanumeric_entropy128 https_path_robots_txt14 http_method_get13 http_robots_txt_path_probe13 sip_invite_request4

$ sikker related 109.73.243.130

🇵🇸·More threats fromPalestine→AS·More threats fromGemzo information technology Private Joint-Stock company→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
178.214.77.72	86%	127
178.214.77.124	28%	1
178.214.77.70	52%	12
178.214.77.7	84%	2,964
109.73.242.146	27%	2

IP Address	Confidence	Events
82.213.16.222	92%	764
212.14.244.234	83%	1,692
46.43.95.136	72%	4
213.6.203.226	100%	1,131
178.214.77.72	86%	127