Check an IP Address, Domain Name, Subnet, or ASN

144.172.65.198 was found in our database!

$ whois 144.172.65.198

country·🇺🇸 United States

network·Standard

$ sikker risk 144.172.65.198scoring →

confidence

77%High

first_seen·Apr 14, 2026

last_seen·45m ago

sessions·15

events·15

$ sikker protocols 144.172.65.198

MONGODB

15 / 15

$ sikker summary 144.172.65.198

144.172.65.198 has a threat confidence score of 77%. This IP address from United States has been observed in 15 honeypot sessions targeting MONGODB protocols. First observed on April 14, 2026, most recently active April 14, 2026.

$ sikker behaviors 144.172.65.198catalog →

mediumMongodb Driver Handshake And Topology Recon3x

Client performs structured MongoDB deployment reconnaissance by first initiating a standard driver handshake (ismaster / hello) disclosing client runtime and platform metadata (PyMongo, CPython, Linux x86_64), followed by an advanced topology-aware handshake request against the admin database including topologyVersion tracking and long-poll await semantics. This sequence reflects automated driver-level service validation and replica-set / cluster state discovery activity commonly associated with scanning frameworks, monitoring tooling, or pre-enumeration reconnaissance workflows preparing for deeper database interaction.

$ sikker primitives 144.172.65.198

mongodb_ismaster_topology_await_admin950 mongodb_ismaster_hello_py_driver_probe_x86_649 mongodb_ismaster_hello_py_driver_probe6 mongodb_endSessions_admin_command3 mongodb_listcollections_test_nameonly3 mongodb_listcollections_production_nameonly3

$ sikker related 144.172.65.198

🇺🇸·More threats fromUnited States→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.218.138.19	97%	16,937
174.75.211.204	38%	348
193.56.116.247	82%	3,198
98.110.234.182	79%	349
170.106.167.247	95%	2,561