Check an IP Address, Domain Name, Subnet, or ASN

34.140.119.220 was found in our database!

$ whois 34.140.119.220

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.140.119.220scoring →

confidence

100%Very High

first_seen·Mar 6, 2026

last_seen·3d ago

first_reported·Mar 21, 2026

last_reported·27d ago

sessions·482

events·482

reports·1

$ sikker protocols 34.140.119.220

FTP

141 / 141

MONGODB

81 / 81

ELASTICSEARCH

60 / 60

SMB

54 / 54

POSTGRES

52 / 52 / 1r

HTTPS

43 / 43

HTTP

41 / 41

DOCKER

6 / 6

MYSQL

4 / 4

$ sikker summary 34.140.119.220

34.140.119.220 has a threat confidence score of 100%. This IP address from Belgium (AS396982, Google LLC) has been observed in 482 honeypot sessions and reported 1 times targeting FTP, MONGODB, ELASTICSEARCH, SMB, POSTGRES and 4 other protocols. Detected attack patterns include smb ipc netlogon samr srvsvc rpc chain. First observed on March 6, 2026, most recently active April 15, 2026.

$ sikker behaviors 34.140.119.220catalog →

highSmb Ipc Netlogon Samr Srvsvc Rpc Chain2x

Session containing IPC$ share access, NETLOGON share access, root directory read, SAMR RPC bind, and SRVSVC pipe open with subsequent RPC bind. Represents this specific chained SMB RPC interaction pattern within a single session.

mediumMongodb Containerized Pymongo Environment Enumeration15x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

mediumSmb Authenticated Host And Share Enumeration6x

Composite behavior identifying authenticated SMB activity where a client accesses both IPC$ and data shares, performs root directory reads, and binds to SAMR and SRVSVC RPC interfaces. This sequence is consistent with structured remote enumeration of host configuration, shared resources, and account information, often conducted prior to lateral movement or privilege escalation attempts.

mediumFtp Authenticated Directory Reconnaissance3x

FTP session where a client probes for valid usernames, attempts authentication, negotiates transfer settings (ASCII and UTF-8), retrieves the current working directory, changes directories, enters passive mode, issues directory listings, and sends NOOP to maintain the session. This sequence reflects structured post-authentication exploration of the FTP file system to map directory structure and available content.

lowFtp Passive Session Initialization38x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

lowFtp Passive Directory Listing30x

FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.

infoHttps Root Path Request39x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request35x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get13x

HTTP request using GET method.

$ sikker primitives 34.140.119.220

mongodb_ismaster_topology_await_admin421 smb_root_read374 smb_wildcard_match171 elastic_http_get_request153 ftp_print_working_directory144 smb_data_share_access114 elastic_root_path_probe95 ftp_set_ascii_mode75 ftp_enter_passive_mode75 ftp_set_utf872 ftp_user_probe72 ftp_password_attempt72 mongodb_ismaster_hellook_client_env_kubernetes_pymongo60 https_path_root39 http_method_get38 smb_netlogon_share_access38 ftp_list_directory35 mysql_select_app_tables_size_from_information_schema32 mysql_select_app_table_columns_from_information_schema32 smb_srvsvc_rpc_bind31

$ sikker reports 34.140.119.220submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 11:25	Brute Force	POSTGRES	SikkerGuard: 18 blocked packets

$ sikker related 34.140.119.220

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→FTP·More threats targetingFTP→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→SMB·More threats targetingSMB→POST·More threats targetingPOSTGRES→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
205.210.31.142	97%	382
205.210.31.145	98%	350
34.155.82.99	91%	10,528
198.235.24.40	99%	327
147.185.132.95	76%	185

IP Address	Confidence	Events
35.233.88.72	99%	159
35.240.75.51	100%	1,135
34.53.175.198	100%	353
35.233.21.145	100%	276
104.155.46.83	99%	164