Check an IP Address, Domain Name, Subnet, or ASN

69.164.207.12 was found in our database!

$ whois 69.164.207.12

country·🇺🇸 United States

city·Richardson

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 69.164.207.12scoring →

confidence

80%Very High

first_seen·Feb 27, 2026

last_seen·1h ago

sessions·274

events·274

$ sikker protocols 69.164.207.12

MONGODB

197 / 197

REDIS

41 / 41

RDP

13 / 13

HTTPS

13 / 13

HTTP

5 / 5

ELASTICSEARCH

3 / 3

SMTP

1 / 1

TELNET

1 / 1

$ sikker summary 69.164.207.12

69.164.207.12 has a threat confidence score of 80%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 274 honeypot sessions targeting MONGODB, REDIS, RDP, HTTPS, HTTP and 3 other protocols. First observed on February 27, 2026, most recently active April 30, 2026.

$ sikker behaviors 69.164.207.12catalog →

mediumRdp Nla Ntlm Authentication Attempt3x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 69.164.207.12

elastic_http_get_request22 elastic_http_bad_request_path_probe12 elastic_root_path_probe4 http_method_get3 rdp_nla_ntlm_auth3 elastic_nodes_enumeration2 smtp_ehlo_greeting1 redis_info_uppercase1

$ sikker related 69.164.207.12

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→MONG·More threats targetingMONGODB→REDI·More threats targetingREDIS→RDP·More threats targetingRDP→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→ELAS·More threats targetingELASTICSEARCH→SMTP·More threats targetingSMTP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.234.217.192	95%	1,292
45.79.183.240	8%	2
192.53.122.228	27%	6
192.81.131.94	69%	157
45.79.178.178	57%	5

IP Address	Confidence	Events
130.51.23.107	97%	3,098
205.210.31.201	99%	459
172.221.167.155	76%	186
65.49.1.228	59%	113
65.49.1.230	60%	178