Check an IP Address, Domain Name, Subnet, or ASN

209.245.235.81 was found in our database!

$ whois 209.245.235.81

country·🇺🇸 United States

city·Dallas

isp·Level 3 Parent, LLC

asn·AS3356

network·Standard

$ sikker risk 209.245.235.81scoring →

confidence

94%Very High

first_seen·Feb 26, 2026

last_seen·11d ago

sessions·44

events·44

$ sikker protocols 209.245.235.81

HTTPS

32 / 32

HTTP

11 / 11

RDP

1 / 1

$ sikker summary 209.245.235.81

209.245.235.81 has a threat confidence score of 94%. This IP address from United States (AS3356, Level 3 Parent, LLC) has been observed in 44 honeypot sessions targeting HTTPS, HTTP, RDP protocols. Detected attack patterns include https dotenv environment file exposure probe, http dotenv file exposure probe. First observed on February 26, 2026, most recently active March 9, 2026.

$ sikker behaviors 209.245.235.81catalog →

highHttps Dotenv Environment File Exposure Probe6x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

highHttp Dotenv File Exposure Probe2x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 209.245.235.81

https_path_dotenv6 http_method_get4 http_path_dotenv2 http_path_bad_request1

$ sikker related 209.245.235.81

🇺🇸·More threats fromUnited States→AS·More threats fromLevel 3 Parent, LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
4.16.252.229	41%	282
8.245.17.190	95%	22
8.243.169.150	77%	5
8.243.50.114	100%	665
205.169.39.19	25%	2

IP Address	Confidence	Events
208.3.195.65	100%	96,889
92.118.39.63	100%	49,107
162.254.3.130	87%	15,273
45.79.187.143	23%	1
206.168.34.39	49%	1,519