Check an IP Address, Domain Name, Subnet, or ASN

64.252.89.236 was found in our database!

$ whois 64.252.89.236

country·🇩🇪 Germany

city·Frankfurt am Main

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 64.252.89.236scoring →

confidence

98%Very High

first_seen·Apr 5, 2026

last_seen·1h ago

sessions·85

events·85

$ sikker protocols 64.252.89.236

HTTP

85 / 85

$ sikker summary 64.252.89.236

64.252.89.236 has a threat confidence score of 98%. This IP address from Germany (AS16509, Amazon.com, Inc.) has been observed in 85 honeypot sessions targeting HTTP protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe. First observed on April 5, 2026, most recently active April 17, 2026.

$ sikker behaviors 64.252.89.236catalog →

highHttp Dotenv File Exposure Probe7x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe4x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttp Http Method Get67x

HTTP request using GET method.

infoHttp Root Path Request67x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 64.252.89.236

http_method_get572 http_path_dotenv8 http_path_dotgit_config4 http_path_app_dotenv2 http_path_dotenv_staging2 http_path_dotenv_production2 http_path_dotenv_development2 http_path_config_json1 http_path_dotenv_local1 http_path_dotaws_credentials1 http_request_path_root_aws_credentials1

$ sikker related 64.252.89.236

🇩🇪·More threats fromGermany→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
52.193.244.90	97%	3,344
13.231.239.44	97%	4,969
3.131.220.121	100%	27,832
54.151.176.0	85%	9,565
44.247.181.228	60%	1,889

IP Address	Confidence	Events
89.163.204.62	87%	89,798
216.24.213.226	88%	10,012
193.124.20.243	61%	24
193.124.20.248	64%	18
85.215.253.149	64%	461