Loading threats
Unauthenticated or opportunistic client performs broad MongoDB environment reconnaissance across multiple databases (admin, config, local, production, test) including handshake probing, database statistics gathering, collection enumeration, and bulk document listing of sensitive application datasets (users, sessions, api_keys, payments, orders, secrets, audit logs). Activity escalates to destructive actions via repeated dropDatabase commands and concludes with insertion of a ransom note database (READ_ME_TO_RECOVER_YOUR_DATA). This behavior pattern is characteristic of automated internet-wide MongoDB exploitation campaigns involving data wiping, extortion messaging, and opportunistic post-access reconnaissance.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 64.89.163.131 | 100% | 46,186 | 9,300 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 64.89.163.132 | 100% | 45,793 | 8,812 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 64.89.163.130 | 100% | 41,032 | 8,362 | 🇬🇧 GB | AS401626 | 2026-04-05 |
| 64.89.163.243 | 100% | 11,812 | 11,399 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 64.89.163.86 | 100% | 11,093 | 7,605 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 45.156.87.10 |
| 100% |
| 10,967 |
| 10,852 |
| 🇳🇱 NL |
| AS51396 |
| 2026-04-06 |
| 64.89.163.85 | 100% | 8,374 | 5,741 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 64.89.163.87 | 100% | 8,319 | 6,450 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 176.65.132.93 | 100% | 7,620 | 7,443 | 🇩🇪 DE | AS51396 | 2026-04-06 |
| 185.242.3.71 | 100% | 5,028 | 5,024 | 🇳🇱 NL | AS60223 | 2026-04-06 |
| 176.65.132.39 | 100% | 4,838 | 4,765 | 🇩🇪 DE | AS51396 | 2026-04-06 |
| 45.156.87.252 | 100% | 4,368 | 4,149 | 🇳🇱 NL | AS51396 | 2026-04-06 |
| 176.65.132.141 | 100% | 4,052 | 3,968 | 🇩🇪 DE | AS51396 | 2026-04-04 |
| 45.156.87.119 | 100% | 2,971 | 2,970 | 🇳🇱 NL | AS51396 | 2026-04-06 |
| 43.228.157.45 | 100% | 2,419 | 2,286 | 🇵🇰 PK | AS205759 | 2026-04-06 |
| 45.156.87.7 | 100% | 2,361 | 2,322 | 🇳🇱 NL | AS51396 | 2026-04-06 |
| 64.89.163.244 | 100% | 2,213 | 2,136 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 64.89.163.245 | 100% | 1,907 | 1,796 | 🇬🇧 GB | AS401626 | 2026-04-06 |
| 176.65.132.107 | 100% | 1,406 | 1,406 | 🇩🇪 DE | AS51396 | 2026-04-06 |
| 45.153.34.81 | 100% | 1,305 | 1,305 | 🇳🇱 NL | AS51396 | 2026-04-05 |