Check an IP Address, Domain Name, Subnet, or ASN

105.77.194.73 was found in our database!

$ whois 105.77.194.73

country·🇲🇦 Morocco

city·Casablanca

isp·MAROCCONNECT

asn·AS36884

network·Standard

$ sikker risk 105.77.194.73scoring →

confidence

80%Very High

first_seen·Feb 26, 2026

last_seen·22d ago

sessions·25

events·25

$ sikker protocols 105.77.194.73

HTTPS

25 / 25

$ sikker summary 105.77.194.73

105.77.194.73 has a threat confidence score of 80%. This IP address from Morocco (AS36884, MAROCCONNECT) has been observed in 25 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on February 26, 2026, most recently active February 26, 2026.

$ sikker behaviors 105.77.194.73catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 105.77.194.73

https_path_root3 https_path_dotenv1 https_path_dotgit_config1 https_path_dotaws_credentials1

$ sikker related 105.77.194.73

🇲🇦·More threats fromMorocco→AS·More threats fromMAROCCONNECT→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
197.145.153.62	52%	12
41.137.193.204	46%	5
105.68.135.35	44%	6
105.71.144.208	23%	1
197.144.110.171	23%	1

IP Address	Confidence	Events
81.192.46.29	100%	933
154.146.238.122	52%	426
160.174.129.232	100%	741
81.192.46.49	100%	1,144
102.53.12.221	18%	32