Check an IP Address, Domain Name, Subnet, or ASN

172.64.198.181 was found in our database!

$ whois 172.64.198.181

country·🇵🇱 Poland

city·Warsaw

isp·Cloudflare, Inc.

asn·AS13335

network·Standard

$ sikker risk 172.64.198.181scoring →

confidence

28%Low

first_seen·Jan 31, 2026

last_seen·2h ago

sessions·17

events·56

$ sikker protocols 172.64.198.181

HTTP

10 / 49

HTTPS

7 / 7

$ sikker summary 172.64.198.181

172.64.198.181 has a threat confidence score of 28%. This IP address from Poland (AS13335, Cloudflare, Inc.) has been observed in 17 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http git repository config exposure probe, http dotenv file exposure probe, https dotenv environment file exposure probe. First observed on January 31, 2026, most recently active March 22, 2026.

$ sikker behaviors 172.64.198.181catalog →

highHttp Git Repository Config Exposure Probe2x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 172.64.198.181

http_method_get18 https_path_root4 http_path_dotenv2 http_path_dotgit_config2 https_path_dotenv1 https_path_app_dotenv1 https_path_dotgit_config1

$ sikker related 172.64.198.181

🇵🇱·More threats fromPoland→AS·More threats fromCloudflare, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.70.142.120	15%	15
172.71.127.39	12%	5
172.69.109.152	4%	20
172.71.210.49	8%	1
104.22.20.103	6%	5

IP Address	Confidence	Events
91.218.202.248	81%	2,188
149.86.227.60	95%	4,699
31.6.212.12	100%	916
178.212.42.179	43%	66
54.38.52.18	100%	1,012