Check an IP Address, Domain Name, Subnet, or ASN

91.224.92.161 was found in our database!

$ whois 91.224.92.161

country·🇬🇧 United Kingdom

isp·UAB Host Baltic

asn·AS209605

network·Standard

$ sikker risk 91.224.92.161scoring →

confidence

94%Very High

first_seen·Mar 26, 2026

last_seen·2d ago

sessions·296

events·296

$ sikker protocols 91.224.92.161

HTTP

255 / 255

SSH

20 / 20

HTTPS

15 / 15

SMTP

6 / 6

$ sikker summary 91.224.92.161

91.224.92.161 has a threat confidence score of 94%. This IP address from United Kingdom (AS209605, UAB Host Baltic) has been observed in 296 honeypot sessions targeting HTTP, SSH, HTTPS, SMTP protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 26, 2026, most recently active April 15, 2026.

$ sikker behaviors 91.224.92.161catalog →

highHttp Dotenv File Exposure Probe3x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request99x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get98x

HTTP request using GET method.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 91.224.92.161

http_method_get160 http_path_dotenv_staging18 https_path_root5 http_path_dotenv5 http_path_dotenv_local5 http_path_dotenv_production5 https_path_dotenv_staging2 https_path_dotenv_production1

$ sikker related 91.224.92.161

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromUAB Host Baltic→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.224.92.146	82%	630
185.169.4.232	92%	84
91.224.92.177	96%	1,018
141.98.11.59	100%	14,463
185.169.4.237	81%	33

IP Address	Confidence	Events
94.72.102.118	95%	3,627
64.89.163.244	100%	4,145
193.104.222.131	99%	25,134
87.236.176.49	90%	567
185.247.137.250	94%	627