Check an IP Address, Domain Name, Subnet, or ASN

64.226.107.13 was found in our database!

$ whois 64.226.107.13

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 64.226.107.13scoring →

confidence

87%Very High

first_seen·Apr 24, 2026

last_seen·1h ago

sessions·51

events·51

$ sikker protocols 64.226.107.13

HTTPS

16 / 16

SMTP

13 / 13

FTP

11 / 11

HTTP

9 / 9

IMAP

2 / 2

$ sikker summary 64.226.107.13

64.226.107.13 has a threat confidence score of 87%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 51 honeypot sessions targeting HTTPS, SMTP, FTP, HTTP, IMAP protocols. First observed on April 24, 2026, most recently active April 25, 2026.

$ sikker behaviors 64.226.107.13catalog →

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe1x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

$ sikker primitives 64.226.107.13

empty_ftp_command9 http_method_get5 http_path_bad_request4 https_path_root2 ftp_auth_tls1 smtp_ehlo_greeting1 smtp_starttls_upgrade_request1

$ sikker related 64.226.107.13

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.227.18.74	70%	41
128.199.225.7	100%	2,993
165.22.218.119	93%	12,307
159.223.63.125	82%	71
168.144.32.172	85%	163

IP Address	Confidence	Events
217.216.108.129	90%	9,052
162.158.110.221	13%	3
128.140.8.221	96%	142
89.163.204.62	87%	93,145
176.65.132.39	100%	6,469