Check an IP Address, Domain Name, Subnet, or ASN

159.89.55.106 was found in our database!

$ whois 159.89.55.106

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 159.89.55.106scoring →

confidence

81%Very High

first_seen·Feb 27, 2026

last_seen·1h ago

sessions·66

events·66

$ sikker protocols 159.89.55.106

MONGODB

39 / 39

HTTPS

11 / 11

HTTP

9 / 9

RDP

6 / 6

ELASTICSEARCH

1 / 1

$ sikker summary 159.89.55.106

159.89.55.106 has a threat confidence score of 81%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 66 honeypot sessions targeting MONGODB, HTTPS, HTTP, RDP, ELASTICSEARCH protocols. Detected attack patterns include http git repository config exposure probe. First observed on February 27, 2026, most recently active March 24, 2026.

$ sikker behaviors 159.89.55.106catalog →

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 159.89.55.106

http_method_get9 elastic_http_get_request4 rdp_nla_ntlm_auth1 elastic_root_path_probe1 http_path_dotgit_config1 elastic_nodes_enumeration1

$ sikker related 159.89.55.106

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.23.177.221	51%	11
167.99.242.174	30%	2
178.128.244.242	52%	12
157.230.44.79	79%	132
104.236.93.182	47%	8

IP Address	Confidence	Events
66.132.195.92	69%	22
43.162.109.139	96%	3,214
92.118.39.63	100%	55,378
185.238.231.180	73%	113
96.65.238.178	83%	747