Check an IP Address, Domain Name, Subnet, or ASN

34.78.28.28 was found in our database!

$ whois 34.78.28.28

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.78.28.28scoring →

confidence

77%High

first_seen·Mar 23, 2026

last_seen·39m ago

sessions·8

events·8

$ sikker protocols 34.78.28.28

MONGODB

3 / 3

HTTPS

2 / 2

HTTP

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 34.78.28.28

34.78.28.28 has a threat confidence score of 77%. This IP address from Belgium (AS396982, Google LLC) has been observed in 8 honeypot sessions targeting MONGODB, HTTPS, HTTP, DOCKER, ELASTICSEARCH protocols. First observed on March 23, 2026, most recently active March 23, 2026.

$ sikker behaviors 34.78.28.28catalog →

mediumMongodb Containerized Pymongo Environment Enumeration1x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 34.78.28.28

mongodb_ismaster_topology_await_admin7 elastic_http_get_request3 mongodb_ismaster_hellook_client_env_kubernetes_pymongo2 http_method_get1 https_path_root1 docker_get_method1 elastic_root_path_probe1 mongodb_endSessions_admin_command1 elastic_http_bad_request_path_probe1 mongodb_buildinfo_admin_lsid_command1 mongodb_listdatabases_nameonly_admin_lsid1 mongodb_hello_pymongo_kubernetes_linux_x86_641

$ sikker related 34.78.28.28

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.79.180.31	100%	664
35.202.9.133	87%	1,565
35.222.117.243	100%	977
34.140.251.161	99%	68
34.53.175.198	99%	88

IP Address	Confidence	Events
130.211.93.147	73%	6
34.52.195.59	96%	38
34.53.160.242	86%	13
34.53.178.236	98%	74
34.53.175.198	99%	87