Check an IP Address, Domain Name, Subnet, or ASN

209.38.248.17 was found in our database!

$ whois 209.38.248.17

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 209.38.248.17scoring →

confidence

87%Very High

first_seen·Jan 27, 2026

last_seen·1h ago

first_reported·Mar 19, 2026

last_reported·20d ago

sessions·584

events·737

reports·1

$ sikker protocols 209.38.248.17

HTTP

294 / 396

HTTPS

281 / 329

POSTGRES

6 / 6 / 1r

SSH

3 / 6

$ sikker summary 209.38.248.17

209.38.248.17 has a threat confidence score of 87%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 584 honeypot sessions and reported 1 times targeting HTTP, HTTPS, POSTGRES, SSH protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on January 27, 2026, most recently active April 9, 2026.

$ sikker behaviors 209.38.248.17catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 209.38.248.17

https_path_graphql12 http_method_get3 postgres_select_table_contents2 https_path_dotenv1 https_path_config_json1 postgres_query_semicolon1 postgres_version_probe_lowercase_no_;1

$ sikker reports 209.38.248.17submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 20:55	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets

$ sikker related 209.38.248.17

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→POST·More threats targetingPOSTGRES→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
164.92.124.232	81%	491
168.144.37.110	56%	22
143.198.31.17	53%	8
167.172.91.38	97%	1,045
167.99.50.30	23%	1

IP Address	Confidence	Events
87.106.33.160	98%	7,151
134.209.253.71	85%	151
89.163.204.62	87%	83,985
158.173.154.36	84%	10,772
194.164.192.90	98%	19,819