Check an IP Address, Domain Name, Subnet, or ASN

31.58.214.23 was found in our database!

$ whois 31.58.214.23

country·🇬🇧 United Kingdom

city·Maidenhead

isp·Iomart Cloud Services Limited

asn·AS20860

network·Standard

$ sikker risk 31.58.214.23scoring →

confidence

100%Very High

first_seen·Mar 22, 2026

last_seen·7m ago

sessions·2,664

events·2,666

$ sikker protocols 31.58.214.23

HTTP

1,343 / 1,345

HTTPS

1,321 / 1,321

$ sikker summary 31.58.214.23

31.58.214.23 has a threat confidence score of 100%. This IP address from United Kingdom (AS20860, Iomart Cloud Services Limited) has been observed in 2,664 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on March 22, 2026, most recently active April 13, 2026.

$ sikker behaviors 31.58.214.23catalog →

highHttp Dotenv File Exposure Probe2x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Ai Config Py Access6x

HTTPS request to /ai_config.py path.

mediumHttps Moltbot Auth Profile Discovery6x

Probing for Moltbot agent authentication profiles via /.moltbot/agents/main/agent/auth-profiles.json, indicating attempts to discover exposed credentials or internal configuration for unauthorized access.

mediumHttps Moltbot Config Exposure Attempt4x

Attempt to access /.moltbot/moltbot.json, indicating reconnaissance or exploitation of an exposed Moltbot configuration file.

mediumHttp Ai Config File Access3x

HTTP GET request to /ai_config.py, indicating an attempt to retrieve a Python configuration file that may expose application settings or embedded secrets.

mediumHttps Probe Openclaw Config3x

HTTP request to /.openclaw/openclaw.json.

mediumHttps Dump Sql Access1x

HTTPS request to /dump.sql path.

mediumHttps Litellm Config Yaml Access1x

HTTPS request to /litellm_config.yaml path.

infoHttp Http Method Get142x

HTTP request using GET method.

$ sikker primitives 31.58.214.23

http_method_get387 http_path_dotenv_staging7 http_path_dotbash_history7 https_moltbot_auth_profiles_json_probe7 http_path_dotenv6 https_path_ai_config_py6 http_path_config_json5 http_path_dotenv_production5 ai_config_py_file_request4 https_moltbot_json_file_request4 http_streamlit_secrets_toml_request4 https_path_dotenv_local3 http_openclaw_json_path_probe3 http_cline_settings_json_path_probe3 https_path_dotenv2 http_path_dotenv_local2 https_path_dotbash_history2 http_path_dotenv_development2 https_path_dotenv_production2 https_path_dotenv_development2

$ sikker related 31.58.214.23

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromIomart Cloud Services Limited→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
81.168.83.103	98%	15,645
212.38.189.186	75%	66
185.214.101.44	39%	4
163.5.94.137	48%	2
78.129.231.160	75%	6

IP Address	Confidence	Events
109.69.111.235	96%	1,757
91.205.158.59	95%	613
104.248.161.154	99%	315
87.236.176.83	93%	658
185.247.137.101	97%	581