Check an IP Address, Domain Name, Subnet, or ASN

172.93.161.241 was found in our database!

$ whois 172.93.161.241

country·🇺🇸 United States

city·Chicago

isp·DataWagon LLC

asn·AS27176

network·Standard

$ sikker risk 172.93.161.241scoring →

confidence

95%Very High

first_seen·Mar 8, 2026

last_seen·10d ago

sessions·22

events·36

$ sikker protocols 172.93.161.241

HTTP

17 / 21

HTTPS

5 / 15

$ sikker summary 172.93.161.241

172.93.161.241 has a threat confidence score of 95%. This IP address from United States (AS27176, DataWagon LLC) has been observed in 22 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on March 8, 2026, most recently active March 9, 2026.

$ sikker behaviors 172.93.161.241catalog →

highHttp Dotenv File Exposure Probe6x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 172.93.161.241

http_method_get15 http_path_dotenv8 http_phpunit_eval_stdin_php_path_access7 http_body_androxgh0st_marker2 https_path_root1 https_path_dotenv1

$ sikker related 172.93.161.241

🇺🇸·More threats fromUnited States→AS·More threats fromDataWagon LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.81.133.211	66%	60
104.245.105.2	51%	4
104.192.0.106	46%	7
104.219.236.127	30%	2
155.94.163.192	58%	44

IP Address	Confidence	Events
154.16.112.232	100%	337,489
13.89.125.19	68%	140
162.142.125.115	30%	2,954
147.185.132.23	69%	175
167.94.138.200	30%	1,987