Loading threats
Issues an isMaster (hello handshake) command that includes helloOk:true and attempts speculative authentication using the SCRAM-SHA-256 mechanism against the admin database, advertising supported SASL mechanisms (admin.admin) and providing client metadata indicating the official MongoDB Go driver running on Linux (amd64), likely from a containerized environment. This primitive reflects early-stage authentication negotiation and capability probing during connection establishment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 103.27.108.70 | 96% | 209 | 209 | 🇭🇰 HK | AS132883 | 2026-03-21 |
| 103.87.9.174 | 93% | 140 | 104 | 🇭🇰 HK | AS132883 | 2026-03-21 |
| 103.27.109.179 | 87% | 57 | 57 | 🇭🇰 HK | AS132883 | 2026-03-21 |