Check an IP Address, Domain Name, Subnet, or ASN

209.38.193.124 was found in our database!

$ whois 209.38.193.124

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 209.38.193.124scoring →

confidence

88%Very High

first_seen·Mar 28, 2026

last_seen·21m ago

sessions·106

events·106

$ sikker protocols 209.38.193.124

FTP

33 / 33

HTTPS

24 / 24

SMTP

23 / 23

HTTP

14 / 14

IMAP

8 / 8

SSH

2 / 2

TELNET

2 / 2

$ sikker summary 209.38.193.124

209.38.193.124 has a threat confidence score of 88%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 106 honeypot sessions targeting FTP, HTTPS, SMTP, HTTP, IMAP and 2 other protocols. First observed on March 28, 2026, most recently active March 30, 2026.

$ sikker behaviors 209.38.193.124catalog →

infoHttp Root Path Request6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade3x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoSmtp Tls Capability Probe2x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 209.38.193.124

empty_ftp_command28 http_method_get9 ftp_auth_tls3 smtp_ehlo_greeting2 http_path_bad_request2 smtp_starttls_upgrade_request2 https_path_root1

$ sikker related 209.38.193.124

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→FTP·More threats targetingFTP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.225.112.209	44%	15
157.230.217.238	20%	12
134.122.121.198	69%	68
142.93.145.126	94%	687
37.139.8.32	90%	12

IP Address	Confidence	Events
87.106.147.36	99%	279,198
146.0.42.48	87%	64,199
176.65.132.93	100%	6,024
194.164.192.90	99%	6,700
213.165.52.102	97%	160