Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
34.78.23.28 has a threat confidence score of 100%. This IP address from Belgium (AS396982, Google LLC) has been observed in 174 honeypot sessions targeting MONGODB, FTP, SMB, ELASTICSEARCH, POSTGRES and 3 other protocols. Detected attack patterns include smb ipc netlogon samr srvsvc rpc chain. First observed on March 28, 2026, most recently active April 26, 2026.
Session containing IPC$ share access, NETLOGON share access, root directory read, SAMR RPC bind, and SRVSVC pipe open with subsequent RPC bind. Represents this specific chained SMB RPC interaction pattern within a single session.
Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.
FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.
FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.
Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.
Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration
HTTP request using GET method.