Check an IP Address, Domain Name, Subnet, or ASN

64.252.87.45 was found in our database!

$ whois 64.252.87.45

country·🇩🇪 Germany

city·Frankfurt am Main

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 64.252.87.45scoring →

confidence

98%Very High

first_seen·Apr 27, 2026

last_seen·1h ago

sessions·67

events·67

$ sikker protocols 64.252.87.45

HTTP

67 / 67

$ sikker summary 64.252.87.45

64.252.87.45 has a threat confidence score of 98%. This IP address from Germany (AS16509, Amazon.com, Inc.) has been observed in 67 honeypot sessions targeting HTTP protocols. Detected attack patterns include http git repository config exposure probe, http dotenv file exposure probe. First observed on April 27, 2026, most recently active April 29, 2026.

$ sikker behaviors 64.252.87.45catalog →

highHttp Git Repository Config Exposure Probe5x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highHttp Dotenv File Exposure Probe4x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Http Method Get28x

HTTP request using GET method.

infoHttp Root Path Request28x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 64.252.87.45

http_method_get475 http_git_head_file_access10 http_path_dotenv9 http_path_dotenv_local8 http_path_dotgit_config8 http_path_dotenv_development6 http_request_path_aws_config_file5 http_path_app_dotenv3 http_path_dotenv_staging3 http_path_dotenv_production3 http_path_xmlrpc_php1 http_path_dotaws_credentials1

$ sikker related 64.252.87.45

🇩🇪·More threats fromGermany→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
54.183.120.138	49%	4
18.144.5.39	42%	2
3.130.168.2	100%	46,947
34.219.233.27	42%	2
52.193.244.90	97%	7,155

IP Address	Confidence	Events
89.163.204.62	87%	95,492
146.0.42.48	86%	80,596
158.173.154.150	85%	13,867
152.70.29.221	97%	11,020
45.135.193.131	90%	367