Check an IP Address, Domain Name, Subnet, or ASN

64.181.211.198 was found in our database!

$ whois 64.181.211.198

country·🇺🇸 United States

city·Chicago

isp·Oracle Corporation

asn·AS31898

network·Standard

$ sikker risk 64.181.211.198scoring →

confidence

97%Very High

first_seen·Mar 18, 2026

last_seen·1h ago

sessions·87

events·87

$ sikker protocols 64.181.211.198

HTTP

45 / 45

HTTPS

42 / 42

$ sikker summary 64.181.211.198

64.181.211.198 has a threat confidence score of 97%. This IP address from United States (AS31898, Oracle Corporation) has been observed in 87 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe. First observed on March 18, 2026, most recently active March 21, 2026.

$ sikker behaviors 64.181.211.198catalog →

highHttp Dotenv File Exposure Probe3x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe2x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttp Root Path Request19x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request15x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe4x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 64.181.211.198

http_method_get57 https_path_root18 http_path_bad_request5 http_path_dotenv3 http_path_dotgit_config2 http_git_head_file_access2 http_path_doc_page_login_asp_access2 https_git_head_file_access1

$ sikker related 64.181.211.198

🇺🇸·More threats fromUnited States→AS·More threats fromOracle Corporation→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
146.235.40.233	73%	19
130.162.132.75	100%	230
161.118.244.10	72%	177
136.248.73.230	60%	864
193.123.245.198	100%	978

IP Address	Confidence	Events
184.105.139.68	100%	2,351
96.0.160.144	87%	19,685
66.132.172.100	78%	25
16.58.56.214	100%	31,976
167.94.138.166	49%	1,375