Check an IP Address, Domain Name, Subnet, or ASN

34.79.24.134 was found in our database!

$ whois 34.79.24.134

country·🇧🇪 Belgium

city·Brussels

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 34.79.24.134scoring →

confidence

90%Very High

first_seen·Mar 27, 2026

last_seen·41m ago

sessions·24

events·24

$ sikker protocols 34.79.24.134

MONGODB

17 / 17

POSTGRES

3 / 3

FTP

2 / 2

HTTPS

1 / 1

MYSQL

1 / 1

$ sikker summary 34.79.24.134

34.79.24.134 has a threat confidence score of 90%. This IP address from Belgium (AS396982, Google LLC) has been observed in 24 honeypot sessions targeting MONGODB, POSTGRES, FTP, HTTPS, MYSQL protocols. First observed on March 27, 2026, most recently active March 27, 2026.

$ sikker behaviors 34.79.24.134catalog →

mediumMongodb Containerized Pymongo Environment Enumeration5x

Identifies a structured MongoDB reconnaissance sequence performed by a modern PyMongo client operating from a Kubernetes-orchestrated Linux container. The actor negotiates server capabilities using a hello / ismaster handshake, enumerates server build metadata via buildinfo, performs lightweight database name discovery using listDatabases with nameOnly, and explicitly terminates logical sessions using endSessions. This pattern reflects automated tooling or scripted workflows conducting deployment fingerprinting, access surface mapping, and compatibility validation prior to further database interaction.

lowFtp Passive Session Initialization1x

FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.

$ sikker primitives 34.79.24.134

mongodb_ismaster_topology_await_admin35 mongodb_ismaster_hellook_client_env_kubernetes_pymongo9 mysql_select_app_tables_size_from_information_schema8 mysql_select_app_table_columns_from_information_schema8 mongodb_endSessions_admin_command5 mongodb_buildinfo_admin_lsid_command5 mongodb_listdatabases_nameonly_admin_lsid5 mongodb_hello_pymongo_kubernetes_linux_x86_645 ftp_print_working_directory2 ftp_set_utf81 ftp_user_probe1 ftp_set_ascii_mode1 ftp_password_attempt1 ftp_enter_passive_mode1 mysql_set_names_utf8mb31 mysql_disable_autocommit1 mysql_show_tables_from_app1 mysql_transaction_rollback1 mysql_show_tables_from_logs1 mysql_select_version_uppercase1

$ sikker related 34.79.24.134

🇧🇪·More threats fromBelgium→AS·More threats fromGoogle LLC→MONG·More threats targetingMONGODB→POST·More threats targetingPOSTGRES→FTP·More threats targetingFTP→HTTP·More threats targetingHTTPS→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
35.233.95.0	100%	1,566
35.195.138.45	100%	86
34.14.23.97	98%	105
34.155.183.47	87%	1,666
35.187.13.22	98%	68

IP Address	Confidence	Events
212.100.184.27	94%	484
85.201.9.56	25%	5
35.187.13.22	98%	68
34.53.175.198	100%	142
34.52.186.237	99%	110