Check an IP Address, Domain Name, Subnet, or ASN

124.227.31.117 was found in our database!

$ whois 124.227.31.117

country·🇨🇳 China

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 124.227.31.117scoring →

confidence

38%Low

first_seen·Feb 2, 2026

last_seen·1h ago

sessions·3

events·6

$ sikker protocols 124.227.31.117

MONGODB

2 / 5

HTTPS

1 / 1

$ sikker summary 124.227.31.117

124.227.31.117 has a threat confidence score of 38%. This IP address from China (AS4134, Chinanet) has been observed in 3 honeypot sessions targeting MONGODB, HTTPS protocols. First observed on February 2, 2026, most recently active March 23, 2026.

$ sikker behaviors 124.227.31.117catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

$ sikker primitives 124.227.31.117

mongodb_ismaster5 mongodb_buildinfo_admin_command1

$ sikker related 124.227.31.117

🇨🇳·More threats fromChina→AS·More threats fromChinanet→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
122.225.49.238	41%	254
183.145.247.1	93%	975
14.29.181.34	100%	800
60.172.41.103	49%	347
122.225.203.106	61%	1,028

IP Address	Confidence	Events
118.122.147.49	100%	889
14.103.127.97	100%	1,014
121.26.196.90	40%	163
123.188.239.222	97%	2,703
203.110.233.225	100%	725