Check an IP Address, Domain Name, Subnet, or ASN

155.117.232.221 was found in our database!

$ whois 155.117.232.221

country·🇺🇸 United States

isp·12651980 CANADA INC.

asn·AS399486

network·Standard

$ sikker risk 155.117.232.221scoring →

confidence

100%Very High

first_seen·Mar 13, 2026

last_seen·5d ago

sessions·441

events·441

$ sikker protocols 155.117.232.221

HTTP

346 / 346

SSH

32 / 32

MYSQL

32 / 32

HTTPS

31 / 31

$ sikker summary 155.117.232.221

155.117.232.221 has a threat confidence score of 100%. This IP address from United States (AS399486, 12651980 CANADA INC.) has been observed in 441 honeypot sessions targeting HTTP, SSH, MYSQL, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe, androxgh0st payload probe. First observed on March 13, 2026, most recently active March 13, 2026.

$ sikker behaviors 155.117.232.221catalog →

highHttp Dotenv File Exposure Probe58x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe31x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highAndroxgh0st Payload Probe30x

Identifies HTTP requests containing the androxgh0st payload marker in the request body, indicative of automated exploitation or scanning activity associated with Androxgh0st campaigns targeting exposed web applications and misconfigured services.

infoHttp Root Path Request118x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request31x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 155.117.232.221

http_method_get651 http_phpunit_eval_stdin_php_path_access62 http_path_dotenv58 mysql_show_databases32 http_path_dotgit_config32 mysql_set_names_utf8mb432 mysql_disable_autocommit32 ssh_echo_semicolon_uname_a_sequence32 https_path_root31 http_body_androxgh0st_marker30

$ sikker related 155.117.232.221

🇺🇸·More threats fromUnited States→AS·More threats from12651980 CANADA INC.→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→MYSQ·More threats targetingMYSQL→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
163.5.210.130	23%	1
155.117.232.53	100%	1,298
80.76.49.212	23%	1
155.117.232.52	77%	234
151.245.121.24	68%	3

IP Address	Confidence	Events
45.131.194.246	85%	1,180
162.254.3.130	87%	12,214
92.118.39.87	100%	248,135
144.172.105.60	98%	14,456
92.118.39.62	100%	368,967