Check an IP Address, Domain Name, Subnet, or ASN

158.173.36.27 was found in our database!

$ whois 158.173.36.27

country·🇪🇸 Spain

city·Barcelona

isp·M247 Europe SRL

asn·AS9009

network·Standard

$ sikker risk 158.173.36.27scoring →

confidence

81%Very High

first_seen·Mar 9, 2026

last_seen·14d ago

sessions·439

events·440

$ sikker protocols 158.173.36.27

RDP

437 / 438

HTTP

2 / 2

$ sikker summary 158.173.36.27

158.173.36.27 has a threat confidence score of 81%. This IP address from Spain (AS9009, M247 Europe SRL) has been observed in 439 honeypot sessions targeting RDP, HTTP protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 9, 2026, most recently active April 5, 2026.

$ sikker behaviors 158.173.36.27catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 158.173.36.27

http_method_get2 http_path_dotenv1

$ sikker related 158.173.36.27

🇪🇸·More threats fromSpain→AS·More threats fromM247 Europe SRL→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.15.23.108	23%	1
37.120.213.13	100%	1,017
146.70.170.19	41%	1
146.70.55.228	42%	2
157.254.104.185	29%	9

IP Address	Confidence	Events
187.33.155.173	95%	864
46.27.3.4	57%	33
46.37.66.191	100%	463
85.62.33.188	31%	183
195.170.172.225	83%	701