Check an IP Address, Domain Name, Subnet, or ASN

104.155.46.83 was found in our database!

$ whois 104.155.46.83

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 104.155.46.83scoring →

confidence

91%Very High

first_seen·Mar 31, 2026

last_seen·4h ago

sessions·15

events·15

$ sikker protocols 104.155.46.83

FTP

6 / 6

MONGODB

3 / 3

HTTPS

2 / 2

POSTGRES

2 / 2

HTTP

1 / 1

MYSQL

1 / 1

$ sikker summary 104.155.46.83

104.155.46.83 has a threat confidence score of 91%. This IP address from Belgium (AS396982, Google LLC) has been observed in 15 honeypot sessions targeting FTP, MONGODB, HTTPS, POSTGRES, HTTP and 1 other protocols. Detected attack patterns include mysql full application schema reconnaissance. First observed on March 31, 2026, most recently active April 3, 2026.

$ sikker behaviors 104.155.46.83catalog →

highMysql Full Application Schema Reconnaissance1x

Structured enumeration of MySQL server metadata and multiple application-related schemas (analytics, app, app_prod, metrics) combined with dataset sizing and record-count profiling of key tables such as users, sessions, api_keys, projects, and audit_logs. The activity indicates deliberate mapping of database structure, data volume assessment, and identification of high-value datasets consistent with pre-collection reconnaissance or staging for targeted data access or exfiltration.

lowFtp Passive Session Initialization2x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

lowFtp Passive Directory Listing1x

FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 104.155.46.83

mongodb_ismaster_topology_await_admin56 mysql_select_app_tables_size_from_information_schema8 mysql_select_app_table_columns_from_information_schema8 ftp_print_working_directory6 mongodb_buildinfo_admin_lsid_command6 ftp_set_utf83 ftp_user_probe3 ftp_set_ascii_mode3 ftp_password_attempt3 ftp_enter_passive_mode3 mongodb_ismaster_hellook_client_env_kubernetes_pymongo2 http_method_get1 https_path_root1 ftp_list_directory1 mysql_set_names_utf8mb31 mysql_disable_autocommit1 mysql_show_tables_from_app1 mysql_transaction_rollback1 mysql_select_version_uppercase1 mysql_show_databases_uppercase1

$ sikker related 104.155.46.83

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→FTP·More threats targetingFTP→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→POST·More threats targetingPOSTGRES→HTTP·More threats targetingHTTP→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
198.235.24.33	84%	184
35.203.210.63	76%	188
198.235.24.11	93%	225
205.210.31.146	96%	217
198.235.24.12	90%	183

IP Address	Confidence	Events
34.78.28.28	99%	163
34.77.191.38	100%	1,467
35.233.88.72	67%	6
146.148.122.35	100%	424
34.53.175.198	100%	231