Check an IP Address, Domain Name, Subnet, or ASN

195.178.110.18 was found in our database!

$ whois 195.178.110.18

country·🇧🇬 Bulgaria

isp·Techoff Srv Limited

asn·AS48090

network·Standard

$ sikker risk 195.178.110.18scoring →

confidence

97%Very High

first_seen·Feb 14, 2026

last_seen·2h ago

sessions·217

events·217

$ sikker protocols 195.178.110.18

HTTPS

175 / 175

HTTP

42 / 42

$ sikker summary 195.178.110.18

195.178.110.18 has a threat confidence score of 97%. This IP address from Bulgaria (AS48090, Techoff Srv Limited) has been observed in 217 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include http git repository config exposure probe. First observed on February 14, 2026, most recently active March 30, 2026.

$ sikker behaviors 195.178.110.18catalog →

highHttp Git Repository Config Exposure Probe3x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

mediumHttps Dotgit Repository Configuration Exposure Probe9x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

mediumHttps Dotgit Config Exposure Probe6x

HTTPS request targeting /.git/config, representing a direct attempt to access a publicly exposed Git repository configuration file. This behavior reflects repository metadata enumeration via the Git configuration file and is commonly associated with source disclosure reconnaissance.

infoHttp Root Path Request25x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 195.178.110.18

http_method_get40 https_git_head_file_access11 https_path_dotgit_config9 http_git_head_file_access5 http_path_dotgit_config4

$ sikker related 195.178.110.18

🇧🇬·More threats fromBulgaria→AS·More threats fromTechoff Srv Limited→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.148.10.240	100%	516,870
195.178.110.30	100%	412,194
195.178.110.218	100%	18,150
45.148.10.192	100%	24,688
45.148.10.152	71%	340

IP Address	Confidence	Events
85.11.167.2	93%	32,029
79.124.40.174	100%	112,591
195.178.110.30	100%	412,193
195.178.110.218	100%	18,149
192.109.200.221	70%	402