Check an IP Address, Domain Name, Subnet, or ASN

192.42.116.53 was found in our database!

$ whois 192.42.116.53

country·🇳🇱 The Netherlands

isp·Church of Cyberology

asn·AS215125

network·Tor Exit Node

$ sikker risk 192.42.116.53scoring →

confidence

83%Very High

first_seen·Apr 1, 2026

last_seen·16h ago

sessions·42

events·42

$ sikker protocols 192.42.116.53

POSTGRES

29 / 29

SMB

10 / 10

SSH

1 / 1

HTTP

1 / 1

HTTPS

1 / 1

$ sikker summary 192.42.116.53

192.42.116.53 has a threat confidence score of 83%. This IP address from The Netherlands (AS215125, Church of Cyberology) has been observed in 42 honeypot sessions targeting POSTGRES, SMB, SSH, HTTP, HTTPS protocols. This IP is a known Tor exit node. Detected attack patterns include http dotenv file exposure probe, smb authenticated rpc service and account enumeration. First observed on April 1, 2026, most recently active April 18, 2026.

$ sikker behaviors 192.42.116.53catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highSmb Authenticated Rpc Service And Account Enumeration1x

Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.

$ sikker primitives 192.42.116.53

smb_ipc_share_access6 smb_empty_rpc_call5 smb_root_read4 smb_srvsvc_rpc_bind2 smb_data_share_access2 smb_netlogon_share_access2 smb_rpc_srvsvc_interface_access2 http_method_get1 http_path_dotenv1 smb_samr_rpc_bind1 smb_srvsvc_pipe_open1 smb_backup_share_access1

$ sikker related 192.42.116.53

🇳🇱·More threats fromThe Netherlands→AS·More threats fromChurch of Cyberology→POST·More threats targetingPOSTGRES→SMB·More threats targetingSMB→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
192.42.116.143	51%	39
192.42.116.15	79%	117
192.42.116.47	70%	78
192.42.116.16	79%	115
192.42.116.96	67%	65

IP Address	Confidence	Events
130.12.180.30	84%	101
176.65.148.203	96%	2,180
130.12.180.51	100%	26,480
93.174.93.12	97%	13,280
45.66.35.28	23%	1