Check an IP Address, Domain Name, Subnet, or ASN

157.230.156.190 was found in our database!

$ whois 157.230.156.190

country·🇺🇸 United States

city·Santa Clara

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 157.230.156.190scoring →

confidence

70%High

first_seen·Feb 27, 2026

last_seen·1h ago

sessions·38

events·38

$ sikker protocols 157.230.156.190

HTTP

14 / 14

HTTPS

13 / 13

SIP

4 / 4

RDP

3 / 3

ELASTICSEARCH

3 / 3

MONGODB

1 / 1

$ sikker summary 157.230.156.190

157.230.156.190 has a threat confidence score of 70%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 38 honeypot sessions targeting HTTP, HTTPS, SIP, RDP, ELASTICSEARCH and 1 other protocols. First observed on February 27, 2026, most recently active March 25, 2026.

$ sikker behaviors 157.230.156.190catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 157.230.156.190

elastic_http_get_request22 elastic_http_bad_request_path_probe12 http_method_get5 http_path_bad_request4 elastic_root_path_probe4 elastic_nodes_enumeration2 mongodb_ismaster1 rdp_nla_ntlm_auth1

$ sikker related 157.230.156.190

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→RDP·More threats targetingRDP→ELAS·More threats targetingELASTICSEARCH→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
167.99.72.161	99%	421
157.230.44.79	80%	181
143.110.182.33	34%	23
157.230.184.110	39%	162
206.189.84.29	77%	121

IP Address	Confidence	Events
66.132.172.219	91%	64
71.6.158.166	100%	1,484
20.65.216.44	85%	222
92.118.39.63	100%	55,995
92.118.39.62	100%	377,441