Loading threats
Captures execution of the MongoDB {"getnonce": 1} command, which requests an authentication nonce from the server as part of legacy challenge–response authentication workflows. This primitive reflects early-stage connection or authentication probing where a client or automated scanner attempts to initiate an authentication exchange and verify server responsiveness or configuration.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.91.64.6 | 100% | 14,725 | 8,344 | 🇷🇺 RU | AS214664 | 2026-03-21 |
| 94.102.49.155 | 100% | 12,134 | 8,132 | 🇳🇱 NL | AS202425 | 2026-03-21 |
| 45.91.64.7 | 100% | 7,240 | 6,141 | 🇷🇺 RU | AS214664 | 2026-03-21 |
| 5.101.64.6 | 100% | 2,742 | 2,465 | 🇷🇺 RU | AS34665 | 2026-03-21 |
| 118.193.40.131 | 98% | 691 | 488 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 101.36.108.178 | 98% | 667 | 440 | 🇭🇰 HK | AS135377 | 2026-03-20 |
| 45.142.154.93 | 99% | 662 | 450 | 🇭🇰 HK | AS9465 | 2026-03-21 |
| 101.36.111.179 | 97% | 566 | 382 | 🇭🇰 HK | AS135377 | 2026-03-20 |
| 45.142.154.97 | 89% | 538 | 346 | 🇭🇰 HK | AS9465 | 2026-03-20 |
| 152.32.251.174 | 97% | 521 | 385 | 🇭🇰 HK | AS135377 | 2026-03-20 |
| 128.1.132.136 | 96% | 506 | 330 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 118.193.46.233 | 98% | 504 | 330 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 152.32.133.174 | 96% | 498 | 333 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 45.249.246.82 | 97% | 496 | 297 | 🇭🇰 HK | AS135377 | 2026-03-20 |
| 45.142.154.45 | 96% | 468 | 307 | 🇭🇰 HK | AS9465 | 2026-03-21 |
| 45.142.154.12 | 98% | 453 | 339 | 🇭🇰 HK | AS9465 | 2026-03-21 |
| 152.32.213.168 | 99% | 442 | 329 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 45.142.154.94 | 97% | 420 | 297 | 🇭🇰 HK | AS9465 | 2026-03-20 |
| 152.32.226.203 | 93% | 419 | 336 | 🇭🇰 HK | AS135377 | 2026-03-21 |
| 45.142.154.103 | 97% | 410 | 291 | 🇭🇰 HK | AS9465 | 2026-03-20 |