Check an IP Address, Domain Name, Subnet, or ASN

168.100.9.75 was found in our database!

$ whois 168.100.9.75

country·🇳🇱 The Netherlands

city·Amsterdam

isp·BL Networks

asn·AS399629

network·Standard

$ sikker risk 168.100.9.75scoring →

confidence

93%Very High

first_seen·Mar 14, 2026

last_seen·3d ago

sessions·240

events·240

$ sikker protocols 168.100.9.75

HTTPS

140 / 140

HTTP

100 / 100

$ sikker summary 168.100.9.75

168.100.9.75 has a threat confidence score of 93%. This IP address from The Netherlands (AS399629, BL Networks) has been observed in 240 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe. First observed on March 14, 2026, most recently active April 18, 2026.

$ sikker behaviors 168.100.9.75catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttp Http Method Get11x

HTTP request using GET method.

infoHttp Root Path Request11x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 168.100.9.75

http_method_get44 https_path_root6 http_path_bad_request4 https_path_bad_request2 http_path_dotgit_config2 http_path_dotenv1 https_query_import_raw1 http_path_dotenv_production1

$ sikker related 168.100.9.75

🇳🇱·More threats fromThe Netherlands→AS·More threats fromBL Networks→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.190.113.106	54%	7
64.94.85.142	22%	7
64.190.113.221	13%	3
45.61.137.56	39%	4
206.166.251.193	82%	114

IP Address	Confidence	Events
89.190.156.116	99%	62
51.158.205.203	90%	19,537
45.148.10.192	100%	39,526
94.154.35.215	92%	42,803
176.65.149.253	98%	1,974