Check an IP Address, Domain Name, Subnet, or ASN

172.245.21.201 was found in our database!

$ whois 172.245.21.201

country·🇺🇸 United States

city·Los Angeles

isp·HostPapa

asn·AS36352

network·Standard

$ sikker risk 172.245.21.201scoring →

confidence

78%High

first_seen·Mar 28, 2026

last_seen·21m ago

sessions·28

events·28

$ sikker protocols 172.245.21.201

HTTPS

28 / 28

$ sikker summary 172.245.21.201

172.245.21.201 has a threat confidence score of 78%. This IP address from United States (AS36352, HostPapa) has been observed in 28 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on March 28, 2026, most recently active March 28, 2026.

$ sikker behaviors 172.245.21.201catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

$ sikker primitives 172.245.21.201

https_path_dotenv1 https_path_app_dotenv1 https_path_dotenv_local1 https_path_dotenv_staging1 https_path_dotenv_production1

$ sikker related 172.245.21.201

🇺🇸·More threats fromUnited States→AS·More threats fromHostPapa→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
192.210.186.10	100%	2,470
23.95.86.214	89%	527
192.3.130.87	98%	30
23.95.157.32	33%	7
107.174.189.2	17%	22

IP Address	Confidence	Events
152.7.176.94	80%	23
144.172.105.188	94%	16,897
92.118.39.63	100%	61,168
68.68.101.178	94%	21,460
205.210.31.147	91%	176