Check an IP Address, Domain Name, Subnet, or ASN

104.248.143.70 was found in our database!

$ whois 104.248.143.70

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 104.248.143.70scoring →

confidence

87%Very High

first_seen·Apr 5, 2026

last_seen·1h ago

sessions·159

events·159

$ sikker protocols 104.248.143.70

HTTPS

45 / 45

HTTP

40 / 40

SMTP

28 / 28

FTP

24 / 24

IMAP

14 / 14

SIP

6 / 6

TELNET

2 / 2

$ sikker summary 104.248.143.70

104.248.143.70 has a threat confidence score of 87%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 159 honeypot sessions targeting HTTPS, HTTP, SMTP, FTP, IMAP and 2 other protocols. First observed on April 5, 2026, most recently active April 12, 2026.

$ sikker behaviors 104.248.143.70catalog →

infoHttp Http Method Get9x

HTTP request using GET method.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoSmtp Tls Capability Probe2x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 104.248.143.70

http_method_get20 empty_ftp_command15 https_path_root6 http_path_bad_request6 ftp_auth_tls2 smtp_ehlo_greeting2 smtp_starttls_upgrade_request2 sip_request_uri_sip_nm1

$ sikker related 104.248.143.70

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→FTP·More threats targetingFTP→IMAP·More threats targetingIMAP→SIP·More threats targetingSIP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
167.71.217.52	91%	154
134.199.167.53	39%	4
164.92.124.232	84%	3,095
165.232.189.221	39%	4
170.64.168.251	28%	40

IP Address	Confidence	Events
158.173.154.36	85%	16,211
87.98.245.221	99%	7,968
193.24.210.169	76%	2,505
158.173.154.29	85%	1,101
162.55.94.103	100%	598