Check an IP Address, Domain Name, Subnet, or ASN

3.138.201.186 was found in our database!

$ whois 3.138.201.186

country·🇺🇸 United States

city·Columbus

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 3.138.201.186scoring →

confidence

94%Very High

first_seen·Apr 21, 2026

last_seen·54m ago

sessions·105

events·105

$ sikker protocols 3.138.201.186

HTTP

50 / 50

SMTP

35 / 35

MONGODB

14 / 14

HTTPS

6 / 6

$ sikker summary 3.138.201.186

3.138.201.186 has a threat confidence score of 94%. This IP address from United States (AS16509, Amazon.com, Inc.) has been observed in 105 honeypot sessions targeting HTTP, SMTP, MONGODB, HTTPS protocols. First observed on April 21, 2026, most recently active April 22, 2026.

$ sikker behaviors 3.138.201.186catalog →

mediumMongodb Service Discovery And Database Enumeration2x

Remote client performs structured MongoDB reconnaissance by initiating a wire-protocol handshake (ismaster / hello), executing the buildInfo command to obtain server version and build characteristics, and subsequently issuing listDatabases to enumerate all databases present on the instance. This sequence reflects systematic service validation and environment mapping activity commonly associated with automated internet-wide scanning, vulnerability assessment tooling, or pre-exploitation reconnaissance workflows.

infoHttp Http Method Get16x

HTTP request using GET method.

infoHttp Root Path Request16x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe8x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 3.138.201.186

http_method_get29 http_path_bad_request13 mongodb_ismaster2 mongodb_listdatabases_command2 mongodb_buildinfo_admin_command2 https_path_root1

$ sikker related 3.138.201.186

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
3.131.220.121	100%	29,121
54.151.176.0	85%	14,800
3.130.168.2	100%	44,175
16.58.56.214	100%	55,353
13.231.239.44	97%	6,541

IP Address	Confidence	Events
144.172.95.158	100%	15,647
74.208.27.88	96%	109
185.218.138.18	97%	24,019
43.162.109.139	96%	5,959
198.235.24.49	98%	349