Check an IP Address, Domain Name, Subnet, or ASN

34.53.175.198 was found in our database!

$ whois 34.53.175.198

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.53.175.198scoring →

confidence

100%Very High

first_seen·Mar 17, 2026

last_seen·2h ago

first_reported·May 9, 2026

last_reported·1d ago

sessions·589

events·589

reports·1

$ sikker protocols 34.53.175.198

FTP

143 / 143

MONGODB

114 / 114

ELASTICSEARCH

87 / 87

POSTGRES

78 / 78

SMB

72 / 72

HTTPS

38 / 38 / 1r

HTTP

31 / 31

MYSQL

18 / 18

DOCKER

8 / 8

$ sikker summary 34.53.175.198

34.53.175.198 has a threat confidence score of 100%. This IP address from Belgium (AS396982, Google LLC) has been observed in 589 honeypot sessions and reported 1 times targeting FTP, MONGODB, ELASTICSEARCH, POSTGRES, SMB and 4 other protocols. Detected attack patterns include mysql application environment tier reconnaissance. First observed on March 17, 2026, most recently active May 10, 2026.

$ sikker behaviors 34.53.175.198catalog →

highMysql Application Environment Tier Reconnaissance1x

Adversary performs structured enumeration of MySQL databases and application environment tiers including development (app_dev), production (app_prod), backup (backup), logging (logs), and primary application schemas. The activity combines schema discovery, metadata inspection, dataset sizing, and record-count profiling across operational and lifecycle-segmented datasets. This pattern indicates deliberate mapping of deployment topology, data replication surfaces, and log retention locations to identify high-value targets and potential data exfiltration or impact paths.

mediumMongodb Containerized Pymongo Environment Enumeration32x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

mediumFtp Authenticated Directory Reconnaissance3x

FTP session where a client probes for valid usernames, attempts authentication, negotiates transfer settings (ASCII and UTF-8), retrieves the current working directory, changes directories, enters passive mode, issues directory listings, and sends NOOP to maintain the session. This sequence reflects structured post-authentication exploration of the FTP file system to map directory structure and available content.

lowFtp Passive Session Initialization44x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

lowFtp Passive Directory Listing25x

FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.

infoHttps Root Path Request33x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request30x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get17x

HTTP request using GET method.

$ sikker primitives 34.53.175.198

mongodb_ismaster_topology_await_admin316 elastic_http_get_request223 ftp_print_working_directory146 mysql_select_app_tables_size_from_information_schema144 mysql_select_app_table_columns_from_information_schema144 elastic_root_path_probe133 smb_root_read79 ftp_set_ascii_mode76 ftp_enter_passive_mode76 mongodb_ismaster_hellook_client_env_kubernetes_pymongo75 ftp_set_utf873 ftp_user_probe73 ftp_password_attempt73 mongodb_buildinfo_admin_lsid_command46 elastic_http_bad_request_path_probe45 smb_srvsvc_rpc_bind44 smb_rpc_srvsvc_interface_access44 mongodb_hello_pymongo_kubernetes_linux_x86_6436 mongodb_listdatabases_nameonly_admin_lsid35 https_path_root34

$ sikker reports 34.53.175.198submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	May 9, 2026, 15:09	Brute Force	HTTPS	SikkerGuard: 14 blocked packets

$ sikker related 34.53.175.198

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→FTP·More threats targetingFTP→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→POST·More threats targetingPOSTGRES→SMB·More threats targetingSMB→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→MYSQ·More threats targetingMYSQL→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
35.241.166.201	100%	528
35.203.211.89	73%	135
34.122.222.227	45%	3
35.205.114.199	85%	21
35.233.42.65	100%	250

IP Address	Confidence	Events
35.241.166.201	100%	528
212.100.184.27	94%	2,141
35.205.114.199	85%	21
35.233.42.65	100%	250
35.187.13.22	100%	543