Check an IP Address, Domain Name, Subnet, or ASN

193.26.115.13 was found in our database!

$ whois 193.26.115.13

country·🇺🇸 United States

city·Miami

isp·1337 Services GmbH

asn·AS210558

network·Standard

$ sikker risk 193.26.115.13scoring →

confidence

100%Very High

first_seen·Mar 12, 2026

last_seen·12h ago

sessions·154

events·154

$ sikker protocols 193.26.115.13

HTTPS

72 / 72

HTTP

67 / 67

SSH

15 / 15

$ sikker summary 193.26.115.13

193.26.115.13 has a threat confidence score of 100%. This IP address from United States (AS210558, 1337 Services GmbH) has been observed in 154 honeypot sessions targeting HTTPS, HTTP, SSH protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on March 12, 2026, most recently active March 18, 2026.

$ sikker behaviors 193.26.115.13catalog →

highHttp Dotenv File Exposure Probe21x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe14x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request22x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 193.26.115.13

http_method_get41 https_path_root22 http_path_dotenv21 http_phpunit_eval_stdin_php_path_access20 ssh_echo_semicolon_uname_a_sequence15 https_path_dotenv14

$ sikker related 193.26.115.13

🇺🇸·More threats fromUnited States→AS·More threats from1337 Services GmbH→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
193.26.115.213	69%	335
2.58.56.55	85%	36
45.138.16.57	72%	4
185.241.208.45	87%	138
185.241.208.162	73%	416

IP Address	Confidence	Events
206.168.34.195	30%	2,083
92.118.39.95	100%	80,681
167.94.138.185	30%	2,584
198.235.24.125	92%	281
205.210.31.37	94%	210