Check an IP Address, Domain Name, Subnet, or ASN

137.184.101.104 was found in our database!

$ whois 137.184.101.104

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 137.184.101.104scoring →

confidence

88%Very High

first_seen·Apr 12, 2026

last_seen·36m ago

sessions·70

events·70

$ sikker protocols 137.184.101.104

SSH

10 / 10

HTTP

8 / 8

IMAP

7 / 7

SMB

6 / 6

HTTPS

6 / 6

DOCKER

5 / 5

TELNET

5 / 5

FTP

4 / 4

SIP

4 / 4

REDIS

4 / 4

RDP

3 / 3

MSSQL

3 / 3

POSTGRES

3 / 3

ELASTICSEARCH

2 / 2

$ sikker summary 137.184.101.104

137.184.101.104 has a threat confidence score of 88%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 70 honeypot sessions targeting SSH, HTTP, IMAP, SMB, HTTPS and 9 other protocols. First observed on April 12, 2026, most recently active April 13, 2026.

$ sikker behaviors 137.184.101.104catalog →

lowSip Options Capability Probe Structured4x

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get2x

HTTP request using GET method.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 137.184.101.104

docker_get_method6 sip_call_id_long_numeric4 sip_call_id_alphanumeric_entropy4 https_path_root3 http_method_get2 elastic_root_path_probe2 elastic_http_get_request2 redis_command_http_host_header_port_63791

$ sikker related 137.184.101.104

Report IP WHOIS Lookup →

IP Address	Confidence	Events
167.172.142.147	46%	118
45.55.164.231	84%	220
159.223.43.21	100%	1,200
138.197.15.125	47%	41
164.92.124.232	84%	3,207

IP Address	Confidence	Events
73.127.219.155	24%	2
216.218.206.121	54%	68
135.119.96.127	86%	88
64.64.116.138	81%	2,858
92.118.39.87	100%	266,997