Check an IP Address, Domain Name, Subnet, or ASN

46.101.1.225 was found in our database!

$ whois 46.101.1.225

country·🇬🇧 United Kingdom

city·Slough

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 46.101.1.225scoring →

confidence

98%Very High

first_seen·Jan 27, 2026

last_seen·8d ago

first_reported·Mar 4, 2026

last_reported·14d ago

sessions·650

events·880

reports·1

$ sikker protocols 46.101.1.225

HTTP

430 / 588

HTTPS

220 / 292

POSTGRES

0 / 0 / 1r

$ sikker summary 46.101.1.225

46.101.1.225 has a threat confidence score of 98%. This IP address from United Kingdom (AS14061, DigitalOcean, LLC) has been observed in 650 honeypot sessions and reported 1 times targeting HTTP, HTTPS, POSTGRES protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on January 27, 2026, most recently active March 10, 2026.

$ sikker behaviors 46.101.1.225catalog →

highHttps Dotenv Environment File Exposure Probe3x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Direct Bad Request Endpoint Access2x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 46.101.1.225

http_method_get38 http_path_bad_request4 https_path_root3 https_path_dotenv3 http_path_dotgit_config3 http_path_config_json2 https_path_bad_request2 http_path_dotenv1 https_path_config_json1 https_path_dotgit_config1

$ sikker reports 46.101.1.225submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 4, 2026, 21:11	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets

$ sikker related 46.101.1.225

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
209.38.25.156	93%	17
159.65.223.199	96%	230
159.89.52.72	77%	68
107.170.36.77	23%	1
64.227.76.184	73%	345

IP Address	Confidence	Events
193.104.222.2	92%	36
35.203.210.229	70%	130
35.203.210.95	54%	85
94.72.102.118	95%	535
178.62.94.60	66%	8