Check an IP Address, Domain Name, Subnet, or ASN

103.215.74.185 was found in our database!

$ whois 103.215.74.185

country·🇮🇳 India

isp·SoloRDP

asn·AS150303

network·Standard

$ sikker risk 103.215.74.185scoring →

confidence

97%Very High

first_seen·Apr 12, 2026

last_seen·11d ago

sessions·160

events·160

$ sikker protocols 103.215.74.185

HTTPS

129 / 129

HTTP

28 / 28

POSTGRES

3 / 3

$ sikker summary 103.215.74.185

103.215.74.185 has a threat confidence score of 97%. This IP address from India (AS150303, SoloRDP) has been observed in 160 honeypot sessions targeting HTTPS, HTTP, POSTGRES protocols. Detected attack patterns include http dotenv file exposure probe, http git repository config exposure probe, https dotenv environment file exposure probe. First observed on April 12, 2026, most recently active April 18, 2026.

$ sikker behaviors 103.215.74.185catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttp Http Method Get4x

HTTP request using GET method.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 103.215.74.185

http_method_get72 https_path_root19 https_path_dotenv8 https_path_dotenv_production8 https_path_dotaws_credentials6 https_path_dotenv_local4 http_path_bad_request2 http_path_dotenv1 http_path_app_dotenv1 http_path_config_json1 http_path_dotenv_local1 http_path_dotgit_config1 http_path_dotenv_staging1 http_path_dotenv_production1 http_path_dotaws_credentials1 http_path_dotenv_development1

$ sikker related 103.215.74.185

🇮🇳·More threats fromIndia→AS·More threats fromSoloRDP→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.215.75.70	79%	21
103.215.74.60	57%	36
103.215.74.213	86%	143

IP Address	Confidence	Events
164.164.117.23	25%	58
182.71.50.212	76%	360
35.154.57.188	96%	1,456
110.227.215.90	56%	268
122.183.42.151	72%	9