Check an IP Address, Domain Name, Subnet, or ASN

172.233.24.189 was found in our database!

$ whois 172.233.24.189

country·🇧🇷 Brazil

city·São Paulo

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 172.233.24.189scoring →

confidence

100%Very High

first_seen·Apr 17, 2026

last_seen·3h ago

sessions·66

events·66

$ sikker protocols 172.233.24.189

HTTPS

40 / 40

HTTP

26 / 26

$ sikker summary 172.233.24.189

172.233.24.189 has a threat confidence score of 100%. This IP address from Brazil (AS63949, Akamai Connected Cloud) has been observed in 66 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe, https dotenv environment file exposure probe. First observed on April 17, 2026, most recently active April 19, 2026.

$ sikker behaviors 172.233.24.189catalog →

highHttp Dotenv File Exposure Probe13x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe13x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highHttps Dotenv Environment File Exposure Probe10x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Dotgit Repository Configuration Exposure Probe10x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

$ sikker primitives 172.233.24.189

http_method_get26 http_path_dotenv13 http_path_dotgit_config13 https_path_dotenv10 https_path_dotgit_config10

$ sikker related 172.233.24.189

🇧🇷·More threats fromBrazil→AS·More threats fromAkamai Connected Cloud→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.236.228.38	94%	2,233
172.236.228.229	94%	2,062
172.104.93.159	71%	1,307
172.236.228.202	93%	2,236
45.79.207.111	87%	2,931

IP Address	Confidence	Events
191.254.254.24	78%	2,326
35.199.91.184	94%	1,609
200.18.165.18	41%	399
177.47.86.39	92%	78
187.45.95.66	100%	494