Check an IP Address, Domain Name, Subnet, or ASN

172.94.9.253 was found in our database!

$ whois 172.94.9.253

country·🇮🇷 Iran

isp·Limited Network LTD

asn·AS213790

network·Standard

$ sikker risk 172.94.9.253scoring →

confidence

100%Very High

first_seen·Feb 16, 2026

last_seen·3h ago

first_reported·Feb 25, 2026

last_reported·21d ago

sessions·2,431

events·2,433

reports·128

$ sikker protocols 172.94.9.253

HTTP

1,199 / 1,199 / 128r

HTTPS

1,232 / 1,234

$ sikker summary 172.94.9.253

172.94.9.253 has a threat confidence score of 100%. This IP address from Iran (AS213790, Limited Network LTD) has been observed in 2,431 honeypot sessions and reported 128 times targeting HTTP, HTTPS protocols. Detected attack patterns include http git repository config exposure probe. First observed on February 16, 2026, most recently active April 12, 2026.

$ sikker behaviors 172.94.9.253catalog →

highHttp Git Repository Config Exposure Probe40x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumHttps Dotgit Repository Configuration Exposure Probe828x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

mediumHttps Dotgit Config Exposure Probe17x

HTTPS request targeting /.git/config, representing a direct attempt to access a publicly exposed Git repository configuration file. This behavior reflects repository metadata enumeration via the Git configuration file and is commonly associated with source disclosure reconnaissance.

$ sikker primitives 172.94.9.253

https_path_dotgit_config840 http_method_get71 http_path_dotgit_config71

$ sikker reports 172.94.9.253submit →

Showing 5 of 25 reports (128 total) from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 16:17	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 22, 2026, 09:33	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 22, 2026, 09:12	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 22, 2026, 07:57	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 21, 2026, 23:47	Brute Force	HTTP	SikkerGuard: 2 blocked packets

1 / 5

$ sikker related 172.94.9.253

🇮🇷·More threats fromIran→AS·More threats fromLimited Network LTD→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
192.253.248.169	100%	2,615
172.94.9.188	79%	62
185.93.89.192	53%	211
185.93.89.190	66%	206
185.93.89.193	52%	188

IP Address	Confidence	Events
77.90.185.118	98%	11,934
185.93.89.157	23%	1
192.253.248.169	100%	2,635
62.60.130.21	96%	3,455
212.16.87.65	99%	42