Check an IP Address, Domain Name, Subnet, or ASN

64.227.59.29 was found in our database!

$ whois 64.227.59.29

country·🇺🇸 United States

city·Santa Clara

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 64.227.59.29scoring →

confidence

63%High

first_seen·Mar 1, 2026

last_seen·1h ago

sessions·49

events·49

$ sikker protocols 64.227.59.29

SMB

21 / 21

HTTP

8 / 8

POSTGRES

8 / 8

HTTPS

4 / 4

RDP

3 / 3

DOCKER

2 / 2

REDIS

1 / 1

MONGODB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 64.227.59.29

64.227.59.29 has a threat confidence score of 63%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 49 honeypot sessions targeting SMB, HTTP, POSTGRES, HTTPS, RDP and 4 other protocols. First observed on March 1, 2026, most recently active April 12, 2026.

$ sikker behaviors 64.227.59.29catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 64.227.59.29

docker_get_method28 docker_bad_request_uri24 elastic_http_get_request4 http_method_get1 mongodb_ismaster1 rdp_nla_ntlm_auth1 redis_info_uppercase1 elastic_root_path_probe1 elastic_nodes_enumeration1

$ sikker related 64.227.59.29

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→SMB·More threats targetingSMB→HTTP·More threats targetingHTTP→POST·More threats targetingPOSTGRES→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→DOCK·More threats targetingDOCKER→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.236.3.25	55%	175
104.248.160.105	60%	1,236
159.65.220.10	89%	697
159.223.169.93	99%	912
157.230.209.253	98%	870

IP Address	Confidence	Events
193.56.116.247	82%	1,679
104.236.3.25	55%	170
45.76.28.232	78%	758
172.212.200.195	88%	194
38.146.219.190	77%	1,449