Check an IP Address, Domain Name, Subnet, or ASN

77.83.39.9 was found in our database!

$ whois 77.83.39.9

country·🇺🇦 Ukraine

isp·Kprohost LLC

asn·AS214940

network·Standard

$ sikker risk 77.83.39.9scoring →

confidence

99%Very High

first_seen·Feb 10, 2026

last_seen·23h ago

sessions·106

events·108

$ sikker protocols 77.83.39.9

HTTPS

93 / 93

HTTP

13 / 15

$ sikker summary 77.83.39.9

77.83.39.9 has a threat confidence score of 99%. This IP address from Ukraine (AS214940, Kprohost LLC) has been observed in 106 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe, http git repository config exposure probe. First observed on February 10, 2026, most recently active April 29, 2026.

$ sikker behaviors 77.83.39.9catalog →

highHttp Dotenv File Exposure Probe9x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumHttps Dotgit Repository Configuration Exposure Probe83x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

$ sikker primitives 77.83.39.9

https_path_dotgit_config84 http_method_get10 http_path_dotenv9 https_path_dotenv2 http_path_dotgit_config1

$ sikker related 77.83.39.9

🇺🇦·More threats fromUkraine→AS·More threats fromKprohost LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.83.39.241	72%	63
77.83.39.197	98%	479
45.144.212.50	81%	173
45.144.212.98	58%	20
77.83.39.67	92%	44

IP Address	Confidence	Events
94.178.152.136	63%	22
88.210.63.75	97%	25,056
77.83.39.241	72%	63
5.181.86.188	74%	121
5.181.86.179	98%	29,963