Check an IP Address, Domain Name, Subnet, or ASN

47.109.204.89 was found in our database!

$ whois 47.109.204.89

country·🇨🇳 China

city·Chengdu

isp·Hangzhou Alibaba Advertising Co.,Ltd.

asn·AS37963

network·Standard

$ sikker risk 47.109.204.89scoring →

confidence

87%Very High

first_seen·Jan 28, 2026

last_seen·2h ago

first_reported·Mar 11, 2026

last_reported·5d ago

sessions·370

events·446

reports·2

$ sikker protocols 47.109.204.89

MONGODB

241 / 297 / 2r

HTTPS

120 / 138

HTTP

9 / 11

$ sikker summary 47.109.204.89

47.109.204.89 has a threat confidence score of 87%. This IP address from China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.) has been observed in 370 honeypot sessions and reported 2 times targeting MONGODB, HTTPS, HTTP protocols. First observed on January 28, 2026, most recently active March 16, 2026.

$ sikker behaviors 47.109.204.89catalog →

infoHttps Root Path Request23x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoMongodb Startupwarnings Probe21x

Client repeatedly requests MongoDB startup warnings using the getLog command and disconnects shortly after. This pattern indicates automated inspection of server diagnostics to gather environment details, commonly seen during discovery or reconnaissance against exposed MongoDB services.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 47.109.204.89

mongodb_getlog_startupwarnings63 https_path_root24 http_method_get4

$ sikker reports 47.109.204.89submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 11, 2026, 13:24	Brute Force	MONGODB	SikkerGuard: 4 blocked packets
User	Mar 11, 2026, 03:24	Brute Force	MONGODB	SikkerGuard: 4 blocked packets

$ sikker related 47.109.204.89

🇨🇳·More threats fromChina→AS·More threats fromHangzhou Alibaba Advertising Co.,Ltd.→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
121.199.166.76	82%	6
47.112.212.56	75%	154
39.107.106.103	17%	3
47.105.207.193	84%	8,102
121.43.125.129	99%	1,259

IP Address	Confidence	Events
8.130.142.241	84%	43,717
121.37.10.122	94%	62
139.198.30.65	98%	73
180.184.82.249	100%	1,118
117.50.185.119	94%	90