Check an IP Address, Domain Name, Subnet, or ASN

109.105.210.89 was found in our database!

$ whois 109.105.210.89

country·🇵🇹 Portugal

isp·Zenlayer Inc

asn·AS21859

network·Standard

$ sikker risk 109.105.210.89scoring →

confidence

85%Very High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·2d ago

sessions·137

events·237

reports·1

$ sikker protocols 109.105.210.89

HTTP

68 / 120

HTTPS

61 / 107

TELNET

2 / 4

MONGODB

2 / 2

ELASTICSEARCH

2 / 2

SSH

1 / 1

REDIS

1 / 1

MYSQL

0 / 0 / 1r

$ sikker summary 109.105.210.89

109.105.210.89 has a threat confidence score of 85%. This IP address from Portugal (AS21859, Zenlayer Inc) has been observed in 137 honeypot sessions and reported 1 times targeting HTTP, HTTPS, TELNET, MONGODB, ELASTICSEARCH and 3 other protocols. First observed on January 24, 2026, most recently active March 19, 2026.

$ sikker behaviors 109.105.210.89catalog →

lowElastic Index Enumeration Probe1x

Client performs a direct request to the Elasticsearch /_cat/indices endpoint and retrieves a successful response without preceding generic web discovery or multi-protocol probing. This behavior indicates targeted Elasticsearch reconnaissance focused on enumerating available indices, document counts, and storage size to assess data exposure. Unlike broad internet scanners, the interaction is Elasticsearch-aware from the start, suggesting tooling or operators specifically searching for open clusters rather than conducting general service fingerprinting.

infoHttp Root Path Request42x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request8x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 109.105.210.89

http_method_get44 https_path_root8 elastic_http_get_request5 redis_info_lowercase1 mongodb_hello_command1 elastic_cat_indices_enumeration1

$ sikker reports 109.105.210.89submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 16:38	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 109.105.210.89

🇵🇹·More threats fromPortugal→AS·More threats fromZenlayer Inc→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→SSH·More threats targetingSSH→REDI·More threats targetingREDIS→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.226.196.28	71%	231
185.180.141.39	78%	180
185.180.141.37	98%	425
185.180.141.40	74%	181
109.105.209.20	86%	227

IP Address	Confidence	Events
45.156.129.107	67%	145
45.156.129.106	72%	130
45.156.129.105	88%	171
45.156.129.108	73%	160
45.156.129.191	51%	13