Check an IP Address, Domain Name, Subnet, or ASN

46.110.45.245 was found in our database!

$ whois 46.110.45.245

country·🇺🇸 United States

city·Connersville

isp·Metronet

asn·AS30600

network·Standard

$ sikker risk 46.110.45.245scoring →

confidence

99%Very High

first_seen·Apr 4, 2026

last_seen·3d ago

sessions·51

events·51

$ sikker protocols 46.110.45.245

TELNET

50 / 50

HTTP

1 / 1

$ sikker summary 46.110.45.245

46.110.45.245 has a threat confidence score of 99%. This IP address from United States (AS30600, Metronet) has been observed in 51 honeypot sessions targeting TELNET, HTTP protocols. Detected attack patterns include http get ping cgi command injection wget arm7, http ping command injection download execute arm7, telnet shell escalation with busybox execution attempt. First observed on April 4, 2026, most recently active April 25, 2026.

$ sikker behaviors 46.110.45.245catalog →

very_highHttp Get Ping Cgi Command Injection Wget Arm71x

HTTP GET request to /ping.cgi with command injection payload downloading and executing ARM7 binary via wget.

very_highHttp Ping Command Injection Download Execute Arm71x

HTTP GET request exploiting pingIpAddress parameter command injection to download an ARM7 binary via wget, write it to /tmp, set executable permissions, and execute it.

highTelnet Shell Escalation With Busybox Execution Attempt13x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 46.110.45.245

telnet_command_enable50 telnet_command_system50 telnet_command_shell19 telnet_command_sh15 telnet_busybox_unknown_applet_invocation13 http_method_get1 http_path_ping_cgi1 http_ping_parameter_command_injection_wget_arm7_payload1

$ sikker related 46.110.45.245

🇺🇸·More threats fromUnited States→AS·More threats fromMetronet→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
46.110.81.88	98%	65
46.110.173.90	60%	48
162.221.222.179	89%	902
152.117.111.93	23%	95
216.82.43.156	19%	59

IP Address	Confidence	Events
38.165.17.45	79%	304
209.127.178.131	96%	12,013
209.126.82.146	93%	1,210
43.130.174.100	95%	618
135.233.112.94	92%	178