Check an IP Address, Domain Name, Subnet, or ASN

173.220.52.26 was found in our database!

$ whois 173.220.52.26

country·🇺🇸 United States

city·Bay Shore

isp·Cablevision Systems Corp.

asn·AS6128

network·Standard

$ sikker risk 173.220.52.26scoring →

confidence

98%Very High

first_seen·Mar 31, 2026

last_seen·16d ago

sessions·388

events·388

$ sikker protocols 173.220.52.26

SIP

316 / 316

HTTP

36 / 36

HTTPS

36 / 36

$ sikker summary 173.220.52.26

173.220.52.26 has a threat confidence score of 98%. This IP address from United States (AS6128, Cablevision Systems Corp.) has been observed in 388 honeypot sessions targeting SIP, HTTP, HTTPS protocols. First observed on March 31, 2026, most recently active April 1, 2026.

$ sikker behaviors 173.220.52.26catalog →

mediumSip Unsolicited Invite To Long Numeric Target144x

Represents an unsolicited SIP INVITE request targeting a long numeric destination, with the request accepted for processing by the SIP server (100 Trying). While the Call-ID format appears consistent with legitimate SIP implementations, the absence of prior registration and the use of a PSTN-style numeric target indicate probing of call routing or gateway behavior rather than normal call setup. This behavior is commonly observed during early-stage toll-fraud reconnaissance or PBX routing validation.

infoHttp Root Path Request24x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request11x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 173.220.52.26

sip_call_id_alphanumeric_entropy148 sip_invite_request144 http_method_get24 https_path_root11 sip_register_request4

$ sikker related 173.220.52.26

🇺🇸·More threats fromUnited States→AS·More threats fromCablevision Systems Corp.→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
67.85.146.216	48%	429
24.45.250.145	94%	1,095
67.81.118.42	46%	375
69.126.144.30	49%	460
144.62.246.70	31%	52

IP Address	Confidence	Events
185.218.138.16	97%	20,218
185.218.138.17	97%	21,522
92.118.39.62	100%	393,334
18.218.118.203	100%	46,111
144.172.106.225	94%	51