Check an IP Address, Domain Name, Subnet, or ASN

134.199.172.24 was found in our database!

$ whois 134.199.172.24

country·🇦🇺 Australia

city·Sydney

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 134.199.172.24scoring →

confidence

78%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·31

events·38

$ sikker protocols 134.199.172.24

HTTPS

15 / 16

HTTP

6 / 8

RTSP

3 / 7

SIP

3 / 3

SSH

2 / 2

IMAP

1 / 1

REDIS

1 / 1

$ sikker summary 134.199.172.24

134.199.172.24 has a threat confidence score of 78%. This IP address from Australia (AS14061, DigitalOcean, LLC) has been observed in 31 honeypot sessions targeting HTTPS, HTTP, RTSP, SIP, SSH and 2 other protocols. First observed on January 23, 2026, most recently active April 1, 2026.

$ sikker behaviors 134.199.172.24catalog →

mediumRtsp Credentialed Options Probe2x

RTSP OPTIONS request containing embedded credentials in the URI (for example admin:password@host). Unlike standard discovery probes, this indicates an automated attempt to enumerate camera or media endpoints while testing known or default credentials. This pattern is commonly associated with IoT botnets and opportunistic scanners targeting exposed RTSP services rather than passive measurement traffic.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 134.199.172.24

http_method_get6 https_path_root6 rtsp_options4 rtsp_options_with_admin_credentials4 redis_info_lowercase1

$ sikker related 134.199.172.24

🇦🇺·More threats fromAustralia→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→RTSP·More threats targetingRTSP→SIP·More threats targetingSIP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
209.38.206.9	92%	15
157.245.143.12	91%	160
64.227.15.74	94%	120
159.89.50.199	92%	134
146.190.79.63	100%	1,282

IP Address	Confidence	Events
161.43.85.22	22%	65
20.40.73.192	100%	854
122.148.199.165	47%	328
162.158.168.159	13%	228
162.158.168.158	12%	205