Check an IP Address, Domain Name, Subnet, or ASN

185.65.134.196 was found in our database!

$ whois 185.65.134.196

country·🇳🇱 The Netherlands

city·Amsterdam

isp·31173 Services AB

asn·AS39351

network·Standard

$ sikker risk 185.65.134.196scoring →

confidence

60%High

first_seen·Mar 23, 2026

last_seen·10d ago

sessions·30

events·30

$ sikker protocols 185.65.134.196

HTTPS

28 / 28

HTTP

1 / 1

IMAP

1 / 1

$ sikker summary 185.65.134.196

185.65.134.196 has a threat confidence score of 60%. This IP address from The Netherlands (AS39351, 31173 Services AB) has been observed in 30 honeypot sessions targeting HTTPS, HTTP, IMAP protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on March 23, 2026, most recently active April 9, 2026.

$ sikker behaviors 185.65.134.196catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

$ sikker primitives 185.65.134.196

https_path_dotenv1

$ sikker related 185.65.134.196

🇳🇱·More threats fromThe Netherlands→AS·More threats from31173 Services AB→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
193.32.127.196	72%	186
185.65.133.139	83%	3
185.195.233.145	67%	3
193.32.249.163	72%	159
141.98.253.14	62%	4

IP Address	Confidence	Events
45.148.10.192	100%	38,045
185.76.243.15	89%	115
46.151.178.13	95%	10,259
45.156.87.209	95%	27
176.65.148.173	47%	103