Check an IP Address, Domain Name, Subnet, or ASN

93.123.109.247 was found in our database!

$ whois 93.123.109.247

country·🇧🇬 Bulgaria

isp·Techoff Srv Limited

asn·AS48090

network·Standard

$ sikker risk 93.123.109.247scoring →

confidence

99%Very High

first_seen·Apr 2, 2026

last_seen·2h ago

sessions·162

events·162

$ sikker protocols 93.123.109.247

HTTPS

148 / 148

HTTP

14 / 14

$ sikker summary 93.123.109.247

93.123.109.247 has a threat confidence score of 99%. This IP address from Bulgaria (AS48090, Techoff Srv Limited) has been observed in 162 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on April 2, 2026, most recently active April 8, 2026.

$ sikker behaviors 93.123.109.247catalog →

highHttp Dotenv File Exposure Probe2x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Git Hooks Sample File Access1x

Request to /.git/hooks/update.sample, indicating an attempt to access a sample Git hook file within a potentially exposed .git directory.

mediumHttps Git Info Exclude File Access1x

Request to /.git/info/exclude, indicating an attempt to access a repository-specific Git ignore configuration file within a potentially exposed .git directory.

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

mediumHttps Git Hooks Prepare Commit Msg Sample File Access1x

Request to /.git/hooks/prepare-commit-msg.sample, indicating an attempt to access a sample Git hook file within a potentially exposed .git directory.

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 93.123.109.247

https_path_root12 https_path_dotaws_credentials6 https_path_config_json5 https_path_dotenv4 https_path_dotgit_config4 http_method_get3 https_vscode_sftp_json_path_probe3 http_path_dotenv2 https_git_head_file_access2 https_path_dotenv_local1 https_path_dotenv_production1 https_git_info_exclude_file_request1 https_git_hooks_update_sample_file_request1 https_git_hooks_prepare_commit_msg_sample_file_request1

$ sikker related 93.123.109.247

🇧🇬·More threats fromBulgaria→AS·More threats fromTechoff Srv Limited→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
195.178.110.26	100%	7,735
195.178.110.30	100%	418,771
45.148.10.240	100%	532,623
45.148.10.192	100%	29,919
195.178.110.246	100%	1,116

IP Address	Confidence	Events
195.178.110.26	100%	7,816
195.178.110.204	66%	37
85.187.82.120	35%	2
85.11.167.2	93%	39,191
192.109.200.221	79%	659