Check an IP Address, Domain Name, Subnet, or ASN

157.15.40.83 was found in our database!

$ whois 157.15.40.83

country·🇮🇩 Indonesia

isp·PT Trisari Data Indonusa

asn·AS139952

network·Standard

$ sikker risk 157.15.40.83scoring →

confidence

98%Very High

first_seen·Mar 25, 2026

last_seen·3d ago

sessions·305

events·305

$ sikker protocols 157.15.40.83

HTTP

301 / 301

FTP

1 / 1

SSH

1 / 1

HTTPS

1 / 1

MYSQL

1 / 1

$ sikker summary 157.15.40.83

157.15.40.83 has a threat confidence score of 98%. This IP address from Indonesia (AS139952, PT Trisari Data Indonusa) has been observed in 305 honeypot sessions targeting HTTP, FTP, SSH, HTTPS, MYSQL protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 25, 2026, most recently active March 25, 2026.

$ sikker behaviors 157.15.40.83catalog →

highHttp Dotenv File Exposure Probe13x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request257x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 157.15.40.83

http_method_get315 http_path_dotenv22 http_path_config_json8 http_path_doc_page_login_asp_access8 mysql_show_table_status5 http_path_dotgit_config3 ssh_uname_all1 ftp_user_probe1 ftp_password_attempt1 mysql_show_databases1 ssh_id_identity_query1 mysql_set_names_utf8mb41 mysql_disable_autocommit1 ssh_whoami_user_identity1 ssh_pwd_current_directory1 ssh_nproc_available_cpu_count1 mysql_select_information_schema_columns1

$ sikker related 157.15.40.83

🇮🇩·More threats fromIndonesia→AS·More threats fromPT Trisari Data Indonusa→HTTP·More threats targetingHTTP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
157.15.40.89	95%	868
157.15.40.91	35%	3
103.160.185.69	25%	41
203.175.125.218	97%	22
203.175.125.217	52%	5

IP Address	Confidence	Events
163.7.9.23	94%	422
43.157.203.128	96%	2,384
43.173.30.16	96%	2,517
103.49.239.156	100%	128
103.29.185.162	51%	463