Check an IP Address, Domain Name, Subnet, or ASN

206.81.13.84 was found in our database!

$ whois 206.81.13.84

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 206.81.13.84scoring →

confidence

93%Very High

first_seen·Mar 20, 2026

last_seen·10m ago

first_reported·Mar 20, 2026

last_reported·1h ago

sessions·37

events·37

reports·2

$ sikker protocols 206.81.13.84

POSTGRES

20 / 20

REDIS

11 / 11

ELASTICSEARCH

4 / 4

MONGODB

2 / 2

MSSQL

0 / 0 / 1r

MYSQL

0 / 0 / 1r

$ sikker summary 206.81.13.84

206.81.13.84 has a threat confidence score of 93%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 37 honeypot sessions and reported 2 times targeting POSTGRES, REDIS, ELASTICSEARCH, MONGODB, MSSQL and 1 other protocols. First observed on March 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 206.81.13.84catalog →

mediumMongodb Service Discovery And Database Enumeration2x

Remote client performs structured MongoDB reconnaissance by initiating a wire-protocol handshake (ismaster / hello), executing the buildInfo command to obtain server version and build characteristics, and subsequently issuing listDatabases to enumerate all databases present on the instance. This sequence reflects systematic service validation and environment mapping activity commonly associated with automated internet-wide scanning, vulnerability assessment tooling, or pre-exploitation reconnaissance workflows.

lowRedis Automated Service Fingerprinting Sequence1x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

$ sikker primitives 206.81.13.84

elastic_http_get_request25 elastic_http_bad_request_path_probe7 elastic_root_path_probe5 redis_command_http_connection_close5 redis_command_http_host_header_port_63795 redis_command_http_user_agent_go_http_client_1_14 redis_ping2 mongodb_ismaster2 redis_info_uppercase2 redis_nonexistent_command2 mongodb_listdatabases_command2 elastic_cat_indices_enumeration2 mongodb_buildinfo_admin_command2 redis_quit1

$ sikker reports 206.81.13.84submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 05:55	Brute Force	MSSQL	SikkerGuard: 10 blocked packets
User	Mar 20, 2026, 05:30	Brute Force	MYSQL	SikkerGuard: 10 blocked packets

$ sikker related 206.81.13.84

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→POST·More threats targetingPOSTGRES→REDI·More threats targetingREDIS→ELAS·More threats targetingELASTICSEARCH→MONG·More threats targetingMONGODB→MSSQ·More threats targetingMSSQL→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
68.183.238.42	90%	276
165.22.243.79	88%	139
188.166.241.2	90%	286
157.230.224.183	89%	32
178.128.221.39	32%	45

IP Address	Confidence	Events
172.174.46.118	100%	199
20.118.32.59	81%	110
162.254.3.130	87%	13,928
209.222.101.54	100%	51,997
97.74.90.88	95%	822