Check an IP Address, Domain Name, Subnet, or ASN

146.190.103.103 was found in our database!

$ whois 146.190.103.103

country·🇸🇬 Singapore

city·Singapore

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 146.190.103.103scoring →

confidence

95%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·307

events·561

$ sikker protocols 146.190.103.103

HTTP

202 / 358

HTTPS

103 / 199

TELNET

2 / 4

$ sikker summary 146.190.103.103

146.190.103.103 has a threat confidence score of 95%. This IP address from Singapore (AS14061, DigitalOcean, LLC) has been observed in 307 honeypot sessions targeting HTTP, HTTPS, TELNET protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 146.190.103.103catalog →

highHttp Dotenv File Exposure Probe3x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttps Direct Bad Request Endpoint Access1x

Identifies direct HTTPS requests to the /bad-request path, indicating manual or automated probing of error-handling routes rather than normal application flow.

$ sikker primitives 146.190.103.103

http_method_get34 http_path_bad_request5 http_path_dotenv3 http_path_config_json3 https_path_root1 https_path_dotenv1 https_path_bad_request1 http_path_dotgit_config1

$ sikker related 146.190.103.103

🇸🇬·More threats fromSingapore→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
68.183.190.37	88%	287
157.245.207.166	78%	168
68.183.238.7	89%	279
138.68.162.185	55%	12
168.144.42.67	88%	278

IP Address	Confidence	Events
43.128.66.191	97%	2,179
43.134.1.173	97%	536
206.238.115.197	97%	5,480
188.166.213.149	88%	282
202.79.174.13	82%	1,451