Check an IP Address, Domain Name, Subnet, or ASN

141.140.0.32 was found in our database!

$ whois 141.140.0.32

country·🇺🇸 United States

city·Phoenix

isp·GTHost

asn·AS63023

network·Standard

$ sikker risk 141.140.0.32scoring →

confidence

87%Very High

first_seen·Feb 17, 2026

last_seen·17d ago

sessions·86

events·86

$ sikker protocols 141.140.0.32

HTTPS

53 / 53

HTTP

27 / 27

FTP

2 / 2

SSH

2 / 2

MYSQL

2 / 2

$ sikker summary 141.140.0.32

141.140.0.32 has a threat confidence score of 87%. This IP address from United States (AS63023, GTHost) has been observed in 86 honeypot sessions targeting HTTPS, HTTP, FTP, SSH, MYSQL protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on February 17, 2026, most recently active March 1, 2026.

$ sikker behaviors 141.140.0.32catalog →

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 141.140.0.32

https_path_root11 ssh_uname_all2 ftp_user_probe2 http_method_get2 https_path_dotenv2 ftp_password_attempt2 mysql_show_databases2 ssh_id_identity_query2 mysql_set_names_utf8mb42 https_path_dotgit_config2 mysql_disable_autocommit2 ssh_whoami_user_identity2 ssh_pwd_current_directory2 sql_enumerate_tables_capital2 ssh_nproc_available_cpu_count2 https_phpunit_eval_stdin_rce_probe2 https_path_config_json1 http_path_doc_page_login_asp_access1

$ sikker related 141.140.0.32

🇺🇸·More threats fromUnited States→AS·More threats fromGTHost→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
82.22.21.41	88%	22
186.190.215.171	77%	11
186.190.215.48	93%	53
186.190.215.53	35%	2
216.106.191.55	30%	2

IP Address	Confidence	Events
45.131.194.246	85%	1,180
162.254.3.130	87%	12,214
92.118.39.87	100%	248,135
144.172.105.60	98%	14,456
92.118.39.62	100%	368,967