Check an IP Address, Domain Name, Subnet, or ASN

185.93.89.43 was found in our database!

$ whois 185.93.89.43

country·🇮🇷 Iran

isp·Limited Network LTD

asn·AS213790

network·Standard

$ sikker risk 185.93.89.43scoring →

confidence

85%Very High

first_seen·Jan 28, 2026

last_seen·1h ago

sessions·264

events·270

$ sikker protocols 185.93.89.43

HTTP

162 / 163

HTTPS

84 / 86

DOCKER

6 / 6

FTP

3 / 5

TELNET

2 / 3

SMTP

2 / 2

SMB

1 / 1

SSH

1 / 1

IMAP

1 / 1

MSSQL

1 / 1

MONGODB

1 / 1

$ sikker summary 185.93.89.43

185.93.89.43 has a threat confidence score of 85%. This IP address from Iran (AS213790, Limited Network LTD) has been observed in 264 honeypot sessions targeting HTTP, HTTPS, DOCKER, FTP, TELNET and 6 other protocols. First observed on January 28, 2026, most recently active April 30, 2026.

$ sikker behaviors 185.93.89.43catalog →

mediumMongodb Service Discovery And Database Enumeration1x

Remote client performs structured MongoDB reconnaissance by initiating a wire-protocol handshake (ismaster / hello), executing the buildInfo command to obtain server version and build characteristics, and subsequently issuing listDatabases to enumerate all databases present on the instance. This sequence reflects systematic service validation and environment mapping activity commonly associated with automated internet-wide scanning, vulnerability assessment tooling, or pre-exploitation reconnaissance workflows.

infoHttp Root Path Request17x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get16x

HTTP request using GET method.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 185.93.89.43

docker_post_method45 http_method_get20 docker_get_method15 https_path_root7 https_autodiscover_json_path_probe6 ftp_auth_tls1 mongodb_ismaster1 mongodb_listdatabases_command1 mongodb_buildinfo_admin_command1

$ sikker related 185.93.89.43

🇮🇷·More threats fromIran→AS·More threats fromLimited Network LTD→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→FTP·More threats targetingFTP→TELN·More threats targetingTELNET→SMTP·More threats targetingSMTP→SMB·More threats targetingSMB→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→MSSQ·More threats targetingMSSQL→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.90.185.118	100%	15,392
192.253.248.169	100%	6,485
77.90.185.16	85%	4,319
77.90.185.12	97%	1,849
172.94.9.79	35%	3

IP Address	Confidence	Events
192.253.248.169	100%	6,489
77.90.185.118	100%	15,403
77.90.185.16	85%	4,319
77.90.185.12	97%	1,849
172.94.9.79	35%	3