Check an IP Address, Domain Name, Subnet, or ASN

207.154.212.47 was found in our database!

$ whois 207.154.212.47

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 207.154.212.47scoring →

confidence

88%Very High

first_seen·Jan 26, 2026

last_seen·23h ago

sessions·622

events·797

$ sikker protocols 207.154.212.47

HTTPS

299 / 426

HTTP

300 / 338

SSH

13 / 23

POSTGRES

7 / 7

MONGODB

3 / 3

$ sikker summary 207.154.212.47

207.154.212.47 has a threat confidence score of 88%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 622 honeypot sessions targeting HTTPS, HTTP, SSH, POSTGRES, MONGODB protocols. Detected attack patterns include http dotenv file exposure probe. First observed on January 26, 2026, most recently active April 16, 2026.

$ sikker behaviors 207.154.212.47catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 207.154.212.47

https_path_graphql13 http_method_get6 postgres_select_table_contents2 http_path_dotenv1 http_path_bad_request1 https_path_config_json1 https_path_dotgit_config1 postgres_query_semicolon1 mongodb_listdatabases_command1 postgres_version_probe_lowercase_no_;1

$ sikker related 207.154.212.47

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→POST·More threats targetingPOSTGRES→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
164.92.124.232	81%	3,903
147.182.219.8	72%	230
165.22.218.119	93%	11,399
165.232.74.249	59%	22
209.97.161.72	100%	806

IP Address	Confidence	Events
146.0.42.48	86%	73,143
216.24.213.226	88%	10,708
62.171.147.220	96%	445
193.24.210.169	78%	4,545
62.171.133.1	97%	26,357