Check an IP Address, Domain Name, Subnet, or ASN

103.158.121.29 was found in our database!

$ whois 103.158.121.29

country·🇮🇩 Indonesia

isp·PT Anugerah Cimanuk Raya

asn·AS141127

network·Standard

$ sikker risk 103.158.121.29scoring →

confidence

98%Very High

first_seen·Feb 22, 2026

last_seen·1h ago

sessions·43

events·43

$ sikker protocols 103.158.121.29

HTTPS

30 / 30

HTTP

13 / 13

$ sikker summary 103.158.121.29

103.158.121.29 has a threat confidence score of 98%. This IP address from Indonesia (AS141127, PT Anugerah Cimanuk Raya) has been observed in 43 honeypot sessions targeting HTTPS, HTTP protocols. Detected attack patterns include https dotenv environment file exposure probe, http dotenv file exposure probe. First observed on February 22, 2026, most recently active March 25, 2026.

$ sikker behaviors 103.158.121.29catalog →

highHttps Dotenv Environment File Exposure Probe16x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

highHttp Dotenv File Exposure Probe2x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 103.158.121.29

http_method_get146 https_path_dotenv22 https_path_root19 http_path_dotenv2 https_path_app_dotenv1 http_path_dotenv_local1 https_path_dotenv_local1 https_path_dotgit_config1 https_path_dotenv_staging1 https_path_dotenv_production1 https_path_dotaws_credentials1

$ sikker related 103.158.121.29

🇮🇩·More threats fromIndonesia→AS·More threats fromPT Anugerah Cimanuk Raya→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.158.121.155	18%	19
103.158.121.28	98%	91
103.158.121.26	98%	57

IP Address	Confidence	Events
43.129.40.252	96%	2,170
103.171.85.186	100%	671
180.252.28.152	53%	13
103.49.238.236	100%	389
139.194.62.3	31%	32