Check an IP Address, Domain Name, Subnet, or ASN

37.120.210.219 was found in our database!

$ whois 37.120.210.219

country·🇯🇵 Japan

city·Tokyo

isp·M247 Europe SRL

asn·AS9009

network·Standard

$ sikker risk 37.120.210.219scoring →

confidence

90%Very High

first_seen·Mar 27, 2026

last_seen·2h ago

sessions·96

events·96

$ sikker protocols 37.120.210.219

SSH

48 / 48

REDIS

23 / 23

HTTPS

15 / 15

HTTP

8 / 8

MYSQL

2 / 2

$ sikker summary 37.120.210.219

37.120.210.219 has a threat confidence score of 90%. This IP address from Japan (AS9009, M247 Europe SRL) has been observed in 96 honeypot sessions targeting SSH, REDIS, HTTPS, HTTP, MYSQL protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 27, 2026, most recently active March 28, 2026.

$ sikker behaviors 37.120.210.219catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 37.120.210.219

http_method_get5 ssh_ls_long_all_directory_listing_absolute4 redis_ping3 https_path_root3 mysql_set_names_utf8mb42 ssh_pwd_current_directory2 http_path_dotenv1 https_path_dotenv_local1 https_path_dotenv_production1 ssh_which_command_resolution1 https_path_dotenv_development1

$ sikker related 37.120.210.219

🇯🇵·More threats fromJapan→AS·More threats fromM247 Europe SRL→SSH·More threats targetingSSH→REDI·More threats targetingREDIS→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.253.162.4	35%	3
198.56.0.116	25%	5
157.254.69.213	33%	7
198.190.7.103	20%	3
198.56.2.68	37%	9

IP Address	Confidence	Events
43.128.233.120	97%	4,413
58.98.197.137	100%	2,108
43.163.194.245	93%	138
13.158.27.71	97%	8,490
220.219.192.126	29%	6