Check an IP Address, Domain Name, Subnet, or ASN

167.17.66.82 was found in our database!

$ whois 167.17.66.82

country·🇺🇸 United States

city·Dallas

isp·GTHost

asn·AS63023

network·Standard

$ sikker risk 167.17.66.82scoring →

confidence

86%Very High

first_seen·Feb 17, 2026

last_seen·28d ago

sessions·7

events·7

$ sikker protocols 167.17.66.82

HTTPS

7 / 7

$ sikker summary 167.17.66.82

167.17.66.82 has a threat confidence score of 86%. This IP address from United States (AS63023, GTHost) has been observed in 7 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on February 17, 2026, most recently active February 17, 2026.

$ sikker behaviors 167.17.66.82catalog →

highHttps Dotenv Environment File Exposure Probe7x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

$ sikker primitives 167.17.66.82

https_path_dotenv7

$ sikker related 167.17.66.82

🇺🇸·More threats fromUnited States→AS·More threats fromGTHost→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
82.22.21.41	92%	27
186.190.215.171	77%	11
186.190.215.48	93%	53
186.190.215.53	35%	2
216.106.191.55	30%	2

IP Address	Confidence	Events
92.118.39.95	100%	80,689
45.131.194.246	85%	1,281
208.3.195.65	100%	94,560
172.185.24.228	100%	713
92.118.39.62	100%	369,032