Check an IP Address, Domain Name, Subnet, or ASN

71.6.146.185 was found in our database!

$ whois 71.6.146.185

country·🇺🇸 United States

isp·CariNet, Inc.

asn·AS10439

network·Standard

$ sikker risk 71.6.146.185scoring →

confidence

100%Very High

first_seen·Jan 22, 2026

last_seen·23h ago

first_reported·Feb 28, 2026

last_reported·Mar 20, 2026

sessions·2,926

events·3,759

reports·5

$ sikker protocols 71.6.146.185

SMTP

917 / 1,473

FTP

487 / 529 / 2r

IMAP

387 / 387

HTTPS

264 / 360

TELNET

241 / 246

HTTP

131 / 174 / 2r

SSH

130 / 164

POSTGRES

107 / 118

DOCKER

59 / 95

SMB

49 / 49 / 1r

RTSP

31 / 39

REDIS

36 / 36

SIP

27 / 29

RDP

27 / 27

ELASTICSEARCH

19 / 19

MSSQL

14 / 14

$ sikker summary 71.6.146.185

71.6.146.185 has a threat confidence score of 100%. This IP address from United States (AS10439, CariNet, Inc.) has been observed in 2,926 honeypot sessions and reported 5 times targeting SMTP, FTP, IMAP, HTTPS, TELNET and 11 other protocols. First observed on January 22, 2026, most recently active May 9, 2026.

$ sikker behaviors 71.6.146.185catalog →

mediumRedis Structured Service Enumeration18x

Identifies coordinated Redis service reconnaissance consisting of INFO retrieval, CLIENT LIST enumeration of connected peers, and incremental keyspace iteration via SCAN. This tightly grouped pattern reflects automated or manual post-access mapping of server configuration, active clients, and stored keyspace structure. The sequence indicates structured environment profiling prior to potential data extraction or exploitation.

mediumSip Request Uri Sip Nm16x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

mediumRdp Legacy Plaintext Authentication Attempt5x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

lowRtsp Options Probe28x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoSmtp Tls Capability Probe111x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttp Root Path Request38x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get37x

HTTP request using GET method.

infoFtp Tls Upgrade33x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request13x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Fetch Robots Txt11x

HTTP GET request to /robots.txt.

$ sikker primitives 71.6.146.185

empty_ftp_command317 smb_root_read190 smtp_ehlo_greeting178 smtp_starttls_upgrade_request165 docker_get_method117 elastic_http_get_request95 ftp_auth_tls79 http_method_get48 ftp_user_probe43 ftp_help_request43 ftp_password_attempt43 ftp_feature_list_request43 rtsp_options37 smb_srvsvc_rpc_bind36 docker_bad_request_uri35 sip_request_uri_sip_nm23 elastic_root_path_probe19 elastic_nodes_enumeration19 elastic_cluster_stats_request19 elastic_http_favicon_path_probe19

$ sikker reports 71.6.146.185submit →

Showing 5 of 5 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 20:50	Brute Force	SMB	SikkerGuard: 2 blocked packets
User	Mar 19, 2026, 14:56	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 12, 2026, 19:51	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 10, 2026, 11:04	Brute Force	FTP	SikkerGuard: 2 blocked packets
User	Feb 28, 2026, 12:15	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 71.6.146.185

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.240.205.34	85%	2,754
71.6.135.131	100%	4,281
71.6.167.142	100%	2,800
66.240.192.82	98%	903
71.6.199.65	100%	2,775

IP Address	Confidence	Events
199.127.61.159	100%	1,390
172.86.105.127	91%	128
165.227.126.13	42%	4
173.239.254.90	85%	706
155.138.210.119	67%	871