Check an IP Address, Domain Name, Subnet, or ASN

170.130.187.46 was found in our database!

$ whois 170.130.187.46

country·🇺🇸 United States

city·Los Angeles

isp·Eonix Corporation

asn·AS62904

network·Standard

$ sikker risk 170.130.187.46scoring →

confidence

80%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·110

events·173

$ sikker protocols 170.130.187.46

SMB

21 / 26

FTP

13 / 25

HTTPS

13 / 23

IMAP

12 / 22

SSH

13 / 20

HTTP

11 / 13

SMTP

5 / 11

SIP

6 / 8

TELNET

6 / 8

REDIS

2 / 6

RDP

4 / 4

MONGODB

1 / 4

POSTGRES

3 / 3

$ sikker summary 170.130.187.46

170.130.187.46 has a threat confidence score of 80%. This IP address from United States (AS62904, Eonix Corporation) has been observed in 110 honeypot sessions targeting SMB, FTP, HTTPS, IMAP, SSH and 8 other protocols. First observed on January 21, 2026, most recently active April 4, 2026.

$ sikker behaviors 170.130.187.46catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoFtp Tls Upgrade11x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 170.130.187.46

ftp_auth_tls11 http_method_get3 https_path_root3 redis_info_lowercase2 sip_call_id_alphanumeric_entropy2 imap_capability_probe1 sip_call_id_token_at_ip1 rdp_legacy_plaintext_authenthication1

$ sikker related 170.130.187.46

Report IP WHOIS Lookup →

IP Address	Confidence	Events
170.130.187.58	83%	253
104.206.128.66	90%	234
170.130.187.26	87%	229
104.206.128.50	81%	184
104.206.128.62	86%	250

IP Address	Confidence	Events
104.234.19.10	77%	243
173.239.218.151	78%	256
92.118.39.92	100%	109,676
92.118.39.62	100%	387,807
147.185.132.58	96%	360