Check an IP Address, Domain Name, Subnet, or ASN

178.128.149.186 was found in our database!

$ whois 178.128.149.186

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 178.128.149.186scoring →

confidence

84%Very High

first_seen·Mar 8, 2026

last_seen·1h ago

sessions·33

events·33

$ sikker protocols 178.128.149.186

FTP

11 / 11

HTTPS

11 / 11

RDP

6 / 6

HTTP

4 / 4

SMTP

1 / 1

$ sikker summary 178.128.149.186

178.128.149.186 has a threat confidence score of 84%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 33 honeypot sessions targeting FTP, HTTPS, RDP, HTTP, SMTP protocols. Detected attack patterns include http git repository config exposure probe. First observed on March 8, 2026, most recently active March 28, 2026.

$ sikker behaviors 178.128.149.186catalog →

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 178.128.149.186

https_path_root7 http_method_get5 ftp_help_request1 rdp_nla_ntlm_auth1 smtp_ehlo_greeting1 http_path_dotgit_config1 https_request_path_my_policy1 smtp_starttls_upgrade_request1

$ sikker related 178.128.149.186

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→FTP·More threats targetingFTP→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
128.199.220.69	95%	24
159.223.94.92	100%	200
157.245.228.194	69%	138
45.55.194.155	35%	3
207.154.232.101	75%	1,095

IP Address	Confidence	Events
66.132.172.184	97%	181
92.118.39.92	100%	107,206
172.81.128.48	97%	2,632
144.172.105.188	94%	15,178
45.61.184.223	99%	22,467