Check an IP Address, Domain Name, Subnet, or ASN

193.32.248.205 was found in our database!

$ whois 193.32.248.205

country·🇩🇪 Germany

city·Berlin

isp·31173 Services AB

asn·AS39351

network·Standard

$ sikker risk 193.32.248.205scoring →

confidence

95%Very High

first_seen·Mar 12, 2026

last_seen·5d ago

sessions·124

events·124

$ sikker protocols 193.32.248.205

HTTP

79 / 79

HTTPS

42 / 42

FTP

1 / 1

SSH

1 / 1

MYSQL

1 / 1

$ sikker summary 193.32.248.205

193.32.248.205 has a threat confidence score of 95%. This IP address from Germany (AS39351, 31173 Services AB) has been observed in 124 honeypot sessions targeting HTTP, HTTPS, FTP, SSH, MYSQL protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on March 12, 2026, most recently active March 13, 2026.

$ sikker behaviors 193.32.248.205catalog →

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttp Root Path Request56x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request8x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 193.32.248.205

http_method_get77 https_path_root14 http_path_dotenv4 http_path_dotgit_config4 http_path_doc_page_login_asp_access4 http_phpunit_eval_stdin_php_path_access4 mysql_show_table_status3 https_path_dotenv2 https_path_dotgit_config2 https_phpunit_eval_stdin_rce_probe2 ssh_uname_all1 ftp_user_probe1 ftp_password_attempt1 mysql_show_databases1 http_path_config_json1 ssh_id_identity_query1 https_path_config_json1 mysql_set_names_utf8mb41 mysql_disable_autocommit1 ssh_whoami_user_identity1

$ sikker related 193.32.248.205

🇩🇪·More threats fromGermany→AS·More threats from31173 Services AB→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→SSH·More threats targetingSSH→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
193.32.249.224	86%	131
185.213.154.203	30%	2
185.65.134.203	16%	14
185.213.154.217	30%	2
185.209.196.151	43%	8

IP Address	Confidence	Events
64.226.101.80	100%	68
94.130.218.118	82%	1,712
87.106.147.36	100%	167,841
212.132.118.184	95%	563
157.230.99.96	99%	90