Check an IP Address, Domain Name, Subnet, or ASN

138.197.191.87 was found in our database!

$ whois 138.197.191.87

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 138.197.191.87scoring →

confidence

84%Very High

first_seen·Jan 22, 2026

last_seen·2d ago

sessions·558

events·819

$ sikker protocols 138.197.191.87

HTTPS

300 / 478

HTTP

243 / 326

POSTGRES

9 / 9

MSSQL

6 / 6

$ sikker summary 138.197.191.87

138.197.191.87 has a threat confidence score of 84%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 558 honeypot sessions targeting HTTPS, HTTP, POSTGRES, MSSQL protocols. Detected attack patterns include http dotenv file exposure probe. First observed on January 22, 2026, most recently active April 15, 2026.

$ sikker behaviors 138.197.191.87catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get3x

HTTP request using GET method.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 138.197.191.87

http_method_get10 https_path_graphql8 postgres_select_table_contents2 http_path_dotenv1 http_path_bad_request1 http_path_dotgit_config1 postgres_query_semicolon1 postgres_version_probe_lowercase_no_;1

$ sikker related 138.197.191.87

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→POST·More threats targetingPOSTGRES→MSSQ·More threats targetingMSSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
164.92.124.232	81%	3,903
147.182.219.8	72%	230
165.22.218.119	93%	11,399
165.232.74.249	59%	22
209.97.161.72	100%	806

IP Address	Confidence	Events
146.0.42.48	86%	73,143
216.24.213.226	88%	10,708
62.171.147.220	96%	445
193.24.210.169	78%	4,545
62.171.133.1	97%	26,357