Check an IP Address, Domain Name, Subnet, or ASN

167.172.139.138 was found in our database!

$ whois 167.172.139.138

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 167.172.139.138scoring →

confidence

100%Very High

first_seen·Feb 23, 2026

last_seen·1h ago

sessions·185

events·185

$ sikker protocols 167.172.139.138

SSH

153 / 153

MONGODB

32 / 32

$ sikker summary 167.172.139.138

167.172.139.138 has a threat confidence score of 100%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 185 honeypot sessions targeting SSH, MONGODB protocols. Detected attack patterns include ssh host fingerprint and shell rc immutable removal. First observed on February 23, 2026, most recently active April 21, 2026.

$ sikker behaviors 167.172.139.138catalog →

very_highSsh Host Fingerprint And Shell Rc Immutable Removal152x

Execution of a multi-command host fingerprinting script that collects kernel details, architecture, uptime, CPU count and model, GPU information, login history, and binary help characteristics, combined with chattr -i $HOME/.bashrc $HOME/.zshrc 2>/dev/null || true to remove the immutable attribute from user shell initialization files in the current user’s home directory.

$ sikker primitives 167.172.139.138

ssh_compute_and_environment_fingerprint_script152 unix_chattr_remove_immutable_flag_home_shell_rc152 mongodb_serverstatus_float_command1

$ sikker related 167.172.139.138

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→SSH·More threats targetingSSH→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
159.223.41.187	73%	12
142.93.145.126	95%	2,033
64.226.95.187	23%	1
167.99.49.158	55%	12
165.22.218.119	93%	11,904

IP Address	Confidence	Events
13.222.38.67	79%	74
66.240.223.208	92%	137
3.82.198.92	77%	57
185.218.138.27	97%	22,711
64.252.66.88	84%	61