Check an IP Address, Domain Name, Subnet, or ASN

34.140.171.60 was found in our database!

$ whois 34.140.171.60

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.140.171.60scoring →

confidence

98%Very High

first_seen·Apr 15, 2026

last_seen·6m ago

sessions·87

events·87

$ sikker protocols 34.140.171.60

FTP

24 / 24

SMB

12 / 12

MONGODB

12 / 12

POSTGRES

11 / 11

ELASTICSEARCH

8 / 8

HTTP

7 / 7

MYSQL

6 / 6

HTTPS

4 / 4

DOCKER

3 / 3

$ sikker summary 34.140.171.60

34.140.171.60 has a threat confidence score of 98%. This IP address from Belgium (AS396982, Google LLC) has been observed in 87 honeypot sessions targeting FTP, SMB, MONGODB, POSTGRES, ELASTICSEARCH and 4 other protocols. First observed on April 15, 2026, most recently active April 24, 2026.

$ sikker behaviors 34.140.171.60catalog →

mediumMongodb Containerized Pymongo Environment Enumeration3x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

lowFtp Passive Session Initialization9x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

lowFtp Passive Directory Listing3x

FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.

infoHttp Http Method Get7x

HTTP request using GET method.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 34.140.171.60

mysql_select_app_tables_size_from_information_schema48 mysql_select_app_table_columns_from_information_schema48 mongodb_ismaster_topology_await_admin25 ftp_print_working_directory24 elastic_http_get_request22 elastic_root_path_probe14 ftp_set_utf812 ftp_user_probe12 ftp_set_ascii_mode12 ftp_password_attempt12 ftp_enter_passive_mode12 mongodb_ismaster_hellook_client_env_kubernetes_pymongo8 http_method_get7 smb_root_read6 smb_srvsvc_rpc_bind6 mysql_set_names_utf8mb36 mysql_disable_autocommit6 mysql_show_tables_from_app6 mysql_transaction_rollback6 mysql_select_version_uppercase6

$ sikker related 34.140.171.60

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→FTP·More threats targetingFTP→SMB·More threats targetingSMB→MONG·More threats targetingMONGODB→POST·More threats targetingPOSTGRES→ELAS·More threats targetingELASTICSEARCH→HTTP·More threats targetingHTTP→MYSQ·More threats targetingMYSQL→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.155.82.99	91%	14,066
205.210.31.16	99%	417
35.199.91.184	96%	5,763
198.235.24.2	98%	345
198.235.24.158	98%	422

IP Address	Confidence	Events
212.100.184.27	94%	1,746
34.38.173.45	56%	15
34.53.180.148	74%	32
34.14.33.150	100%	599
34.78.108.38	66%	22