Check an IP Address, Domain Name, Subnet, or ASN

106.75.9.195 was found in our database!

$ whois 106.75.9.195

country·🇨🇳 China

isp·China Unicom Beijing Province Network

asn·AS4808

network·Standard

$ sikker risk 106.75.9.195scoring →

confidence

76%High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·79

events·146

$ sikker protocols 106.75.9.195

MONGODB

13 / 51

DOCKER

10 / 22

HTTPS

21 / 21

FTP

2 / 16

HTTP

11 / 11

SSH

6 / 8

RDP

6 / 6

IMAP

4 / 4

ELASTICSEARCH

3 / 3

SMTP

2 / 2

TELNET

1 / 2

$ sikker summary 106.75.9.195

106.75.9.195 has a threat confidence score of 76%. This IP address from China (AS4808, China Unicom Beijing Province Network) has been observed in 79 honeypot sessions targeting MONGODB, DOCKER, HTTPS, FTP, HTTP and 6 other protocols. First observed on January 20, 2026, most recently active April 3, 2026.

$ sikker behaviors 106.75.9.195catalog →

lowElastic Service Validation And Index Enumeration3x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

lowMongodb Version Probe1x

Client connects to a MongoDB instance and issues isMaster followed by buildinfo, indicating an attempt to identify server role, capabilities, and software version. This pattern is commonly associated with automated discovery or fingerprinting of exposed MongoDB services rather than normal application activity.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 106.75.9.195

mongodb_ismaster52 docker_get_method12 elastic_http_get_request6 docker_list_containers_endpoint6 empty_ftp_command4 mongodb_buildinfo4 ftp_control_channel_binary_payload4 elastic_root_path_probe3 elastic_cat_indices_enumeration3 https_path_root2 smtp_ehlo_greeting2 ftp_auth_tls1 http_method_get1

$ sikker related 106.75.9.195

Report IP WHOIS Lookup →

IP Address	Confidence	Events
116.196.85.94	87%	38
106.75.77.231	100%	147
114.254.2.251	99%	53
114.67.249.7	29%	6
125.35.109.214	50%	430

IP Address	Confidence	Events
120.195.161.46	93%	104,008
61.164.57.90	98%	44
14.103.123.80	100%	687
58.209.234.84	100%	772
59.37.42.26	65%	2,941