Check an IP Address, Domain Name, Subnet, or ASN

163.192.99.169 was found in our database!

$ whois 163.192.99.169

country·🇺🇸 United States

city·Chicago

isp·Oracle Corporation

asn·AS31898

network·Standard

$ sikker risk 163.192.99.169scoring →

confidence

98%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·150

events·150

$ sikker protocols 163.192.99.169

HTTP

81 / 81

HTTPS

69 / 69

$ sikker summary 163.192.99.169

163.192.99.169 has a threat confidence score of 98%. This IP address from United States (AS31898, Oracle Corporation) has been observed in 150 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe. First observed on March 23, 2026, most recently active March 23, 2026.

$ sikker behaviors 163.192.99.169catalog →

highHttp Dotenv File Exposure Probe3x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe3x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttps Root Path Request30x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request13x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 163.192.99.169

http_method_get121 https_path_root53 http_path_doc_page_login_asp_access22 http_path_dotenv3 http_path_bad_request3 http_path_dotgit_config3 https_path_dotgit_config3 http_git_head_file_access3 https_path_dotenv2 https_git_head_file_access2

$ sikker related 163.192.99.169

🇺🇸·More threats fromUnited States→AS·More threats fromOracle Corporation→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
146.56.175.64	47%	115
132.145.254.69	75%	3
193.123.245.198	100%	1,014
158.178.137.15	100%	274
66.116.210.131	98%	26

IP Address	Confidence	Events
87.121.84.78	99%	5,220
217.216.48.10	95%	750
66.132.172.99	95%	52
91.230.168.187	60%	83
66.132.172.103	95%	156