Check an IP Address, Domain Name, Subnet, or ASN

89.42.231.182 was found in our database!

$ whois 89.42.231.182

country·🇳🇱 The Netherlands

isp·Amarutu Technology Ltd

asn·AS206264

network·Standard

$ sikker risk 89.42.231.182scoring →

confidence

98%Very High

first_seen·Feb 27, 2026

last_seen·3h ago

first_reported·Mar 6, 2026

last_reported·3h ago

sessions·1,651

events·1,710

reports·22

$ sikker protocols 89.42.231.182

HTTP

675 / 675 / 8r

HTTPS

546 / 553 / 7r

RTSP

39 / 90

SIP

84 / 84 / 1r

DOCKER

76 / 76

FTP

56 / 56 / 1r

SSH

52 / 52 / 1r

POSTGRES

32 / 32 / 1r

SMTP

30 / 30 / 1r

TELNET

27 / 28 / 1r

IMAP

27 / 27

ELASTICSEARCH

7 / 7

$ sikker summary 89.42.231.182

89.42.231.182 has a threat confidence score of 98%. This IP address from The Netherlands (AS206264, Amarutu Technology Ltd) has been observed in 1,651 honeypot sessions and reported 22 times targeting HTTP, HTTPS, RTSP, SIP, DOCKER and 7 other protocols. First observed on February 27, 2026, most recently active March 20, 2026.

$ sikker behaviors 89.42.231.182catalog →

infoHttp Root Path Request123x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe40x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoDocker Invalid Protocol Probe3x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 89.42.231.182

http_method_get325 docker_get_method168 http_path_bad_request102 elastic_http_get_request96 docker_bad_request_uri50 elastic_http_bad_request_path_probe48 empty_ftp_command23 https_path_root1

$ sikker reports 89.42.231.182submit →

Showing 5 of 22 reports from 2 contributors

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 08:52	Brute Force	POSTGRES	SikkerGuard: 2 blocked packets
User	Mar 20, 2026, 07:16	Brute Force	SIP	SikkerGuard: 2 blocked packets
Anonymous	Mar 19, 2026, 19:40	Brute Force	—	SikkerGuard: 2 blocked packets
User	Mar 19, 2026, 06:56	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 19, 2026, 04:50	Brute Force	HTTP	SikkerGuard: 2 blocked packets

1 / 5

$ sikker related 89.42.231.182

Report IP WHOIS Lookup →

IP Address	Confidence	Events
183.81.169.235	76%	153
5.61.209.96	95%	1,684
89.42.231.241	92%	1,893
185.191.124.67	46%	176
5.61.209.92	85%	8,503

IP Address	Confidence	Events
185.130.225.180	96%	1,366
107.189.21.55	95%	884
94.23.150.225	100%	219,047
188.226.148.205	79%	8,829
204.76.203.50	89%	95