Check an IP Address, Domain Name, Subnet, or ASN

207.154.197.113 was found in our database!

$ whois 207.154.197.113

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 207.154.197.113scoring →

confidence

89%Very High

first_seen·Jan 29, 2026

last_seen·1h ago

first_reported·Mar 6, 2026

last_reported·19h ago

sessions·620

events·786

reports·3

$ sikker protocols 207.154.197.113

HTTP

321 / 418

HTTPS

295 / 358

MONGODB

4 / 10

SSH

0 / 0 / 1r

POSTGRES

0 / 0 / 1r

$ sikker summary 207.154.197.113

207.154.197.113 has a threat confidence score of 89%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 620 honeypot sessions and reported 3 times targeting HTTP, HTTPS, MONGODB, SSH, POSTGRES protocols. First observed on January 29, 2026, most recently active May 1, 2026.

$ sikker behaviors 207.154.197.113catalog →

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 207.154.197.113

https_path_graphql7 mongodb_listdatabases3 http_method_get2 https_path_root1 https_path_bad_request1 https_path_dotgit_config1

$ sikker reports 207.154.197.113submit →

Showing 3 of 3 reports from 2 contributors

Reporter	Date	Category	Protocol	Comment
Anonymous	Apr 30, 2026, 18:31	Brute Force	—	SikkerGuard: 2 blocked packets
Anonymous	Apr 29, 2026, 17:00	Brute Force	SSH	SikkerGuard: 6 blocked packets
User	Mar 6, 2026, 21:12	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets

$ sikker related 207.154.197.113

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→SSH·More threats targetingSSH→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
174.138.16.214	78%	5
161.35.135.119	99%	119
167.172.86.81	99%	77
134.122.64.45	96%	141
45.55.193.217	69%	2

IP Address	Confidence	Events
134.122.64.45	96%	141
5.180.65.203	99%	184
146.0.42.48	86%	81,392
87.98.242.75	97%	33,921
89.163.204.62	87%	96,358