Check an IP Address, Domain Name, Subnet, or ASN

104.192.1.66 was found in our database!

$ whois 104.192.1.66

country·🇺🇸 United States

isp·DataWagon LLC

asn·AS27176

network·Standard

$ sikker risk 104.192.1.66scoring →

confidence

99%Very High

first_seen·Mar 21, 2026

last_seen·14d ago

sessions·212

events·216

$ sikker protocols 104.192.1.66

HTTPS

148 / 152

HTTP

64 / 64

$ sikker summary 104.192.1.66

104.192.1.66 has a threat confidence score of 99%. This IP address from United States (AS27176, DataWagon LLC) has been observed in 212 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 21, 2026, most recently active April 6, 2026.

$ sikker behaviors 104.192.1.66catalog →

highHttp Dotenv File Exposure Probe6x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

mediumHttps Dotgit Repository Configuration Exposure Probe37x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttp Root Path Request49x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request24x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 104.192.1.66

http_method_get59 https_path_dotgit_config39 https_path_root24 http_path_dotenv6 https_git_head_file_access4 http_path_config_json2

$ sikker related 104.192.1.66

🇺🇸·More threats fromUnited States→AS·More threats fromDataWagon LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
155.94.139.220	100%	169
104.192.3.74	28%	1
23.95.217.65	40%	24
172.81.130.68	80%	35
45.119.211.254	85%	45

IP Address	Confidence	Events
170.205.31.254	99%	11,932
162.81.53.194	39%	4
45.79.158.58	92%	36
154.127.53.181	96%	137
45.79.162.237	23%	1