Check an IP Address, Domain Name, Subnet, or ASN

194.187.176.131 was found in our database!

$ whois 194.187.176.131

country·🇩🇪 Germany

city·Berlin

isp·Alpha Strike Labs GmbH

asn·AS208843

network·Standard

$ sikker risk 194.187.176.131scoring →

confidence

73%High

first_seen·Jan 22, 2026

last_seen·2h ago

sessions·15

events·23

$ sikker protocols 194.187.176.131

SMTP

3 / 6

HTTP

2 / 4

HTTPS

2 / 4

TELNET

1 / 2

MONGODB

2 / 2

ELASTICSEARCH

2 / 2

RDP

1 / 1

SMB

1 / 1

RTSP

1 / 1

$ sikker summary 194.187.176.131

194.187.176.131 has a threat confidence score of 73%. This IP address from Germany (AS208843, Alpha Strike Labs GmbH) has been observed in 15 honeypot sessions targeting SMTP, HTTP, HTTPS, TELNET, MONGODB and 4 other protocols. First observed on January 22, 2026, most recently active April 1, 2026.

$ sikker behaviors 194.187.176.131catalog →

mediumMongodb Version Fingerprinting Reconnaissance2x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 194.187.176.131

smtp_starttls_upgrade_request4 http_method_get2 mongodb_ismaster2 elastic_http_get_request2 mongodb_buildinfo_admin_command2 rtsp_options1 rtsp_describe1 https_path_root1 elastic_root_path_probe1

$ sikker related 194.187.176.131

🇩🇪·More threats fromGermany→AS·More threats fromAlpha Strike Labs GmbH→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→RDP·More threats targetingRDP→SMB·More threats targetingSMB→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
194.187.176.225	41%	20
194.187.176.99	61%	17
194.187.176.176	28%	12
194.187.176.152	33%	6
194.187.176.51	55%	17

IP Address	Confidence	Events
45.86.202.247	84%	2,055
178.20.210.137	57%	275
194.164.192.90	98%	11,169
46.101.167.100	39%	34
146.247.123.6	85%	2,201