Check an IP Address, Domain Name, Subnet, or ASN

170.187.158.119 was found in our database!

$ whois 170.187.158.119

country·🇺🇸 United States

city·Atlanta

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 170.187.158.119scoring →

confidence

71%High

first_seen·Mar 1, 2026

last_seen·1h ago

sessions·103

events·103

$ sikker protocols 170.187.158.119

MONGODB

39 / 39

SMTP

31 / 31

HTTPS

16 / 16

HTTP

7 / 7

RDP

5 / 5

DOCKER

3 / 3

IMAP

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 170.187.158.119

170.187.158.119 has a threat confidence score of 71%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 103 honeypot sessions targeting MONGODB, SMTP, HTTPS, HTTP, RDP and 3 other protocols. First observed on March 1, 2026, most recently active April 2, 2026.

$ sikker behaviors 170.187.158.119catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 170.187.158.119

elastic_http_get_request4 http_method_get3 docker_get_method3 rdp_nla_ntlm_auth1 smtp_ehlo_greeting1 elastic_root_path_probe1 elastic_nodes_enumeration1 smtp_starttls_upgrade_request1

$ sikker related 170.187.158.119

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→MONG·More threats targetingMONGODB→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→DOCK·More threats targetingDOCKER→IMAP·More threats targetingIMAP→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.33.12.122	80%	1,776
66.228.62.150	77%	1,837
45.79.8.221	81%	1,998
45.33.12.214	81%	2,214
173.255.221.189	76%	1,535

IP Address	Confidence	Events
195.184.76.160	74%	124
45.61.184.223	99%	41,538
3.132.26.232	100%	14,851
45.33.12.122	80%	1,795
24.227.77.18	86%	6,710