Check an IP Address, Domain Name, Subnet, or ASN

206.189.222.234 was found in our database!

$ whois 206.189.222.234

country·🇺🇸 United States

city·Santa Clara

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 206.189.222.234scoring →

confidence

89%Very High

first_seen·Feb 27, 2026

last_seen·2h ago

sessions·96

events·96

$ sikker protocols 206.189.222.234

REDIS

38 / 38

MONGODB

36 / 36

RDP

9 / 9

HTTP

5 / 5

HTTPS

4 / 4

ELASTICSEARCH

2 / 2

FTP

1 / 1

IMAP

1 / 1

$ sikker summary 206.189.222.234

206.189.222.234 has a threat confidence score of 89%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 96 honeypot sessions targeting REDIS, MONGODB, RDP, HTTP, HTTPS and 3 other protocols. Detected attack patterns include http git repository config exposure probe. First observed on February 27, 2026, most recently active March 28, 2026.

$ sikker behaviors 206.189.222.234catalog →

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 206.189.222.234

elastic_http_get_request18 elastic_http_bad_request_path_probe12 http_method_get6 elastic_root_path_probe3 ftp_user_probe1 rdp_nla_ntlm_auth1 ftp_set_ascii_mode1 ftp_password_attempt1 ftp_enter_passive_mode1 http_path_dotgit_config1 elastic_nodes_enumeration1

$ sikker related 206.189.222.234

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→ELAS·More threats targetingELASTICSEARCH→FTP·More threats targetingFTP→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.22.218.119	79%	10,342
167.172.120.246	100%	587
143.244.163.41	38%	48
159.65.110.231	62%	60
161.35.8.199	98%	45

IP Address	Confidence	Events
144.172.105.188	94%	15,278
92.118.39.56	100%	118,220
92.118.39.95	100%	83,958
205.210.31.17	96%	194
172.93.215.99	96%	933