Confidence Level

98%

Very High?

Geolocation

🇳🇱

The Netherlands

ISPHostSlim B.V.

ASNAS207083

Activity Timeline

First seenMar 9, 2026, 07:57 PM

Last seen50m ago

38Sessions

38Events

Protocol Breakdown

HTTPS

36 / 36

HTTP

2 / 2

103.219.153.187 has a very high threat confidence level of 98%, originating from The Netherlands, on the HostSlim B.V. network (207083). It has been observed across 38 sessions targeting HTTPS, HTTP, with detected attack patterns including https dotenv environment file exposure probe, First observed on March 9, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Https Dotenv Environment File Exposure Probe

high36x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

Primitives

Individual actions observed

Https Path Dotenv36 Http Path Dotenv2

Related Threats

Explore related threat intelligence

🇳🇱More threats fromThe Netherlands ASMore threats fromHostSlim B.V.HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
69.12.83.39	100%	365
69.12.83.27	100%	402
69.12.83.46	100%	303
103.219.154.156	54%	424
103.219.153.248	97%	136

IP Address	Confidence	Events
178.16.54.231	91%	10,790
178.16.54.170	91%	10,466
178.16.54.89	91%	10,725
178.16.54.111	91%	10,648
45.148.10.240	100%	475,983