Check an IP Address, Domain Name, Subnet, or ASN

34.52.209.214 was found in our database!

$ whois 34.52.209.214

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.52.209.214scoring →

confidence

84%Very High

first_seen·Mar 14, 2026

last_seen·1h ago

sessions·17

events·17

$ sikker protocols 34.52.209.214

ELASTICSEARCH

6 / 6

SMB

3 / 3

MONGODB

3 / 3

HTTP

2 / 2

HTTPS

1 / 1

MYSQL

1 / 1

DOCKER

1 / 1

$ sikker summary 34.52.209.214

34.52.209.214 has a threat confidence score of 84%. This IP address from Belgium (AS396982, Google LLC) has been observed in 17 honeypot sessions targeting ELASTICSEARCH, SMB, MONGODB, HTTP, HTTPS and 2 other protocols. First observed on March 14, 2026, most recently active March 25, 2026.

$ sikker behaviors 34.52.209.214catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

mediumMongodb Containerized Pymongo Environment Enumeration1x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 34.52.209.214

elastic_http_get_request19 elastic_root_path_probe9 mysql_select_app_tables_size_from_information_schema7 mongodb_ismaster_topology_await_admin6 elastic_http_bad_request_path_probe5 mysql_select_app_table_columns_from_information_schema5 smb_root_read2 http_method_get2 smb_srvsvc_rpc_bind2 mongodb_ismaster_hellook_client_env_kubernetes_pymongo2 https_path_root1 docker_get_method1 smb_samr_rpc_bind1 smb_ipc_share_access1 smb_srvsvc_pipe_open1 mysql_set_names_utf8mb31 mysql_disable_autocommit1 mysql_show_tables_from_app1 mysql_select_version_uppercase1 mysql_show_databases_uppercase1

$ sikker related 34.52.209.214

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→ELAS·More threats targetingELASTICSEARCH→SMB·More threats targetingSMB→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→MYSQ·More threats targetingMYSQL→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
147.185.132.150	93%	298
147.185.132.123	98%	295
198.235.24.43	95%	227
205.210.31.243	98%	309
147.185.132.36	98%	328

IP Address	Confidence	Events
212.100.184.27	94%	386
34.52.195.59	98%	71
34.77.191.38	100%	1,413
35.240.75.51	100%	961
34.62.172.174	100%	156