104.23.172.74 — Cloudflare, Inc., NL — Low (9%)

Check an IP Address, Domain Name, Subnet, or ASN

104.23.172.74 was found in our database!

Confidence Level

Low?

Geolocation

🇳🇱

The NetherlandsAmsterdam

ISPCloudflare, Inc.

ASNAS13335

Activity Timeline

First seenJan 25, 2026, 04:09 AM

Last seen2h ago

49Sessions

134Events

Protocol Breakdown

HTTPS

27 / 106

HTTP

22 / 28

104.23.172.74 has a low threat confidence level of 9%, originating from Amsterdam, The Netherlands, on the Cloudflare, Inc. network (13335). It has been observed across 49 sessions targeting HTTPS, HTTP, with detected attack patterns including https dotenv environment file exposure probe, First observed on January 25, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Https Dotenv Environment File Exposure Probe

high3x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

Wordpress Default Credential Bruteforce

medium12x

Automated authentication attempt against a WordPress login endpoint using the common default username admin and weak password pattern. Indicative of credential stuffing or default password brute-force activity targeting internet-exposed WordPress installations.

Http Root Path Request

info1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Https Path Root28 Http Wp Login Admin Default Password Attempt12 Https Path Dotenv5 Https Git Head File Access2 Http Method Get1 Https Path Config Json1 Https Path Dotenv Local1 Https Path Dotgit Config1 Https Path Dotenv Staging1 Https Path Dotenv Production1 Https Path Dotaws Credentials1

Related Threats

Explore related threat intelligence

🇳🇱More threats fromThe Netherlands ASMore threats fromCloudflare, Inc.HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
172.69.179.86	4%	85
172.69.179.85	6%	64
172.69.178.80	4%	6
172.69.178.81	2%	1
172.70.208.129	6%	643

IP Address	Confidence	Events
204.76.203.18	97%	28,844
64.95.96.70	98%	41,297
45.153.34.187	99%	5,780
45.148.10.240	100%	457,046
64.227.78.114	98%	639