Check an IP Address, Domain Name, Subnet, or ASN

104.131.0.219 was found in our database!

$ whois 104.131.0.219

country·🇺🇸 United States

city·Clifton

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 104.131.0.219scoring →

confidence

72%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·28

events·39

$ sikker protocols 104.131.0.219

HTTP

11 / 17

HTTPS

10 / 11

RTSP

4 / 6

IMAP

1 / 3

SSH

1 / 1

TELNET

1 / 1

$ sikker summary 104.131.0.219

104.131.0.219 has a threat confidence score of 72%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 28 honeypot sessions targeting HTTP, HTTPS, RTSP, IMAP, SSH and 1 other protocols. First observed on January 23, 2026, most recently active March 20, 2026.

$ sikker behaviors 104.131.0.219catalog →

mediumRtsp Credentialed Options Probe1x

RTSP OPTIONS request containing embedded credentials in the URI (for example admin:password@host). Unlike standard discovery probes, this indicates an automated attempt to enumerate camera or media endpoints while testing known or default credentials. This pattern is commonly associated with IoT botnets and opportunistic scanners targeting exposed RTSP services rather than passive measurement traffic.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 104.131.0.219

http_method_get7 rtsp_options3 rtsp_describe3 rtsp_options_with_admin_credentials3 https_path_root2

$ sikker related 104.131.0.219

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→RTSP·More threats targetingRTSP→IMAP·More threats targetingIMAP→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
137.184.148.191	69%	65
165.22.243.79	88%	164
142.93.145.126	94%	251
68.183.238.42	90%	300
104.248.160.105	58%	575

IP Address	Confidence	Events
137.184.148.191	69%	65
104.22.20.109	20%	724
170.106.167.247	93%	215
20.102.112.104	81%	462
68.68.101.178	92%	2,767