Loading threats
Identifies a MongoDB reconnaissance sequence where an actor initiates legacy authentication negotiation using the getnonce command followed by an isMaster topology discovery request that discloses client metadata for the mgo Go driver on a Linux amd64 system. This pattern reflects automated tooling or scripted clients performing server capability validation, authentication workflow testing, and environment fingerprinting prior to further database interaction.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.91.64.6 | 100% | 16,497 | 10,116 | 🇷🇺 RU | AS214664 | 2026-04-20 |
| 94.102.49.155 | 100% | 15,355 | 11,353 | 🇳🇱 NL | AS202425 | 2026-04-20 |
| 45.91.64.7 | 100% | 10,605 | 9,503 | 🇷🇺 RU | AS214664 | 2026-04-20 |
| 5.101.64.6 | 100% | 4,783 | 4,506 | 🇷🇺 RU | AS34665 | 2026-04-20 |
| 176.32.195.85 | 100% | 3,709 | 2,666 | 🇦🇲 AM | AS197834 | 2026-03-24 |