172.70.115.19 — Cloudflare, Inc., US — Low (6%)

Check an IP Address, Domain Name, Subnet, or ASN

172.70.115.19 was found in our database!

Confidence Level

Low?

Geolocation

🇺🇸

United StatesNewark

ISPCloudflare, Inc.

ASNAS13335

Activity Timeline

First seenFeb 13, 2026, 01:51 AM

Last seen2h ago

9Sessions

9Events

Protocol Breakdown

HTTPS

6 / 6

HTTP

3 / 3

172.70.115.19 has a low threat confidence level of 6%, originating from Newark, United States, on the Cloudflare, Inc. network (13335). It has been observed across 9 sessions targeting HTTPS, HTTP, with detected attack patterns including http dotenv file exposure probe, First observed on February 13, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Http Dotenv File Exposure Probe

high1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Http Method Get6 Https Path Root6 Http Path Dotenv1 Http Body Androxgh0st Marker1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromCloudflare, Inc.HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
172.71.110.152	6%	451
172.71.110.153	5%	320
104.23.209.176	2%	1
162.159.104.143	3%	45
104.23.190.23	7%	37

IP Address	Confidence	Events
23.94.28.163	97%	1,216
198.235.24.147	81%	100
173.239.218.88	91%	1,765
16.58.56.214	99%	20,505
198.143.149.250	99%	12,130