Check an IP Address, Domain Name, Subnet, or ASN

137.184.63.241 was found in our database!

$ whois 137.184.63.241

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 137.184.63.241scoring →

confidence

70%High

first_seen·Mar 2, 2026

last_seen·1h ago

sessions·110

events·110

$ sikker protocols 137.184.63.241

MONGODB

78 / 78

TELNET

14 / 14

SIP

6 / 6

HTTPS

5 / 5

RDP

3 / 3

FTP

1 / 1

SSH

1 / 1

MSSQL

1 / 1

DOCKER

1 / 1

$ sikker summary 137.184.63.241

137.184.63.241 has a threat confidence score of 70%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 110 honeypot sessions targeting MONGODB, TELNET, SIP, HTTPS, RDP and 4 other protocols. First observed on March 2, 2026, most recently active April 2, 2026.

$ sikker behaviors 137.184.63.241catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 137.184.63.241

docker_get_method14 docker_bad_request_uri12 ftp_set_ascii_mode8 ftp_enter_passive_mode8 ftp_user_probe1 https_path_root1 rdp_nla_ntlm_auth1 ftp_list_directory1 ftp_password_attempt1

$ sikker related 137.184.63.241

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→MONG·More threats targetingMONGODB→TELN·More threats targetingTELNET→SIP·More threats targetingSIP→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→MSSQ·More threats targetingMSSQL→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
209.97.158.195	45%	4
188.226.148.205	79%	11,783
174.138.53.142	100%	206
157.245.143.12	95%	372
159.65.231.60	76%	64

IP Address	Confidence	Events
159.65.231.60	74%	46
52.87.171.66	62%	34
18.218.118.203	100%	38,146
15.204.128.147	96%	5,440
54.242.178.61	62%	31