Check an IP Address, Domain Name, Subnet, or ASN

89.251.0.193 was found in our database!

$ whois 89.251.0.193

country·🇨🇦 Canada

city·Toronto

isp·Orion Network Limited

asn·AS41564

network·Standard

$ sikker risk 89.251.0.193scoring →

confidence

70%High

first_seen·Mar 17, 2026

last_seen·7d ago

sessions·4

events·4

$ sikker protocols 89.251.0.193

HTTPS

4 / 4

$ sikker summary 89.251.0.193

89.251.0.193 has a threat confidence score of 70%. This IP address from Canada (AS41564, Orion Network Limited) has been observed in 4 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on March 17, 2026, most recently active March 17, 2026.

$ sikker behaviors 89.251.0.193catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 89.251.0.193

https_path_root3 https_path_dotenv1

$ sikker related 89.251.0.193

🇨🇦·More threats fromCanada→AS·More threats fromOrion Network Limited→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
89.251.0.115	61%	28
196.196.53.101	30%	2
89.251.0.126	54%	1
89.251.0.141	27%	1
89.251.0.128	27%	1

IP Address	Confidence	Events
66.179.9.227	100%	2,365
184.107.178.27	87%	9
158.69.194.34	100%	800
50.67.177.253	38%	44
158.69.107.195	85%	1,136