Check an IP Address, Domain Name, Subnet, or ASN

172.234.203.40 was found in our database!

$ whois 172.234.203.40

country·🇺🇸 United States

city·Chicago

isp·Akamai Connected Cloud

asn·AS63949

network·Standard

$ sikker risk 172.234.203.40scoring →

confidence

100%Very High

first_seen·Apr 8, 2026

last_seen·2d ago

sessions·116

events·116

$ sikker protocols 172.234.203.40

HTTP

60 / 60

HTTPS

56 / 56

$ sikker summary 172.234.203.40

172.234.203.40 has a threat confidence score of 100%. This IP address from United States (AS63949, Akamai Connected Cloud) has been observed in 116 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http git repository config exposure probe, http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on April 8, 2026, most recently active April 12, 2026.

$ sikker behaviors 172.234.203.40catalog →

highHttp Git Repository Config Exposure Probe30x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highHttp Dotenv File Exposure Probe29x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe13x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Dotgit Repository Configuration Exposure Probe14x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

$ sikker primitives 172.234.203.40

http_method_get59 http_path_dotgit_config30 http_path_dotenv29 https_path_dotgit_config14 https_path_dotenv13

$ sikker related 172.234.203.40

🇺🇸·More threats fromUnited States→AS·More threats fromAkamai Connected Cloud→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.104.93.159	71%	1,243
45.79.207.181	87%	2,887
45.79.5.11	87%	2,405
69.164.217.245	93%	2,606
173.255.229.72	30%	2

IP Address	Confidence	Events
98.159.233.48	71%	86
64.64.116.16	67%	53
181.215.65.70	71%	85
162.216.149.54	65%	189
92.118.39.56	100%	122,240