Check an IP Address, Domain Name, Subnet, or ASN

104.237.139.218 was found in our database!

$ whois 104.237.139.218

country·🇺🇸 United States

city·Richardson

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 104.237.139.218scoring →

confidence

75%High

first_seen·Feb 28, 2026

last_seen·1h ago

sessions·72

events·72

$ sikker protocols 104.237.139.218

MONGODB

36 / 36

HTTPS

25 / 25

RDP

6 / 6

HTTP

3 / 3

SMTP

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 104.237.139.218

104.237.139.218 has a threat confidence score of 75%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 72 honeypot sessions targeting MONGODB, HTTPS, RDP, HTTP, SMTP and 1 other protocols. First observed on February 28, 2026, most recently active May 5, 2026.

$ sikker behaviors 104.237.139.218catalog →

mediumRdp Nla Ntlm Authentication Attempt2x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 104.237.139.218

elastic_http_get_request14 elastic_http_bad_request_path_probe12 https_path_root8 http_method_get2 rdp_nla_ntlm_auth2 elastic_root_path_probe2 https_request_path_my_policy1

$ sikker related 104.237.139.218

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
96.126.104.20	70%	5,410
172.236.127.133	91%	1,196
45.79.181.223	93%	2,427
172.234.217.129	91%	1,272
45.33.80.243	94%	2,282

IP Address	Confidence	Events
206.119.171.75	92%	53
72.167.54.139	77%	994
157.254.223.77	95%	4,848
174.138.183.30	99%	97
66.117.4.184	99%	106