Check an IP Address, Domain Name, Subnet, or ASN

34.77.197.173 was found in our database!

$ whois 34.77.197.173

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.77.197.173scoring →

confidence

92%Very High

first_seen·Apr 1, 2026

last_seen·44m ago

sessions·33

events·33

$ sikker protocols 34.77.197.173

MYSQL

9 / 9

FTP

6 / 6

POSTGRES

6 / 6

SMB

5 / 5

HTTPS

3 / 3

ELASTICSEARCH

3 / 3

HTTP

1 / 1

$ sikker summary 34.77.197.173

34.77.197.173 has a threat confidence score of 92%. This IP address from Belgium (AS396982, Google LLC) has been observed in 33 honeypot sessions targeting MYSQL, FTP, POSTGRES, SMB, HTTPS and 2 other protocols. First observed on April 1, 2026, most recently active April 7, 2026.

$ sikker behaviors 34.77.197.173catalog →

mediumSmb Remote Enumeration Via Samr And Srvsvc1x

Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.

lowFtp Passive Session Initialization2x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

lowFtp Passive Directory Listing1x

FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 34.77.197.173

$ sikker related 34.77.197.173

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→MYSQ·More threats targetingMYSQL→FTP·More threats targetingFTP→POST·More threats targetingPOSTGRES→SMB·More threats targetingSMB→HTTP·More threats targetingHTTPS→ELAS·More threats targetingELASTICSEARCH→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
147.185.132.114	97%	348
198.235.24.118	99%	378
198.235.24.192	98%	339
34.166.82.59	97%	410
35.205.68.100	94%	31

IP Address	Confidence	Events
34.140.251.161	100%	139
35.210.61.208	100%	1,351
35.205.68.100	93%	29
35.233.40.58	100%	199
34.53.158.15	96%	66