Check an IP Address, Domain Name, Subnet, or ASN

159.26.119.133 was found in our database!

$ whois 159.26.119.133

country·🇯🇵 Japan

city·Tokyo

isp·Proton AG

asn·AS208172

network·Standard

$ sikker risk 159.26.119.133scoring →

confidence

71%High

first_seen·Feb 27, 2026

last_seen·Feb 28, 2026

sessions·5

events·5

$ sikker protocols 159.26.119.133

HTTPS

5 / 5

$ sikker summary 159.26.119.133

159.26.119.133 has a threat confidence score of 71%. This IP address from Japan (AS208172, Proton AG) has been observed in 5 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on February 27, 2026, most recently active February 28, 2026.

$ sikker behaviors 159.26.119.133catalog →

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

$ sikker primitives 159.26.119.133

https_path_dotenv2

$ sikker related 159.26.119.133

🇯🇵·More threats fromJapan→AS·More threats fromProton AG→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
159.26.109.32	98%	76
205.147.28.50	80%	10
159.26.105.113	80%	18
159.26.110.52	72%	9
159.26.108.175	41%	1

IP Address	Confidence	Events
111.67.132.204	100%	3,834
13.231.239.44	97%	5,596
157.7.200.152	50%	505
137.220.227.200	96%	6,961
43.128.227.175	96%	822