Check an IP Address, Domain Name, Subnet, or ASN

172.70.147.206 was found in our database!

$ whois 172.70.147.206

country·🇺🇸 United States

isp·Cloudflare, Inc.

asn·AS13335

network·Standard

$ sikker risk 172.70.147.206scoring →

confidence

22%Low

first_seen·Mar 8, 2026

last_seen·1h ago

sessions·12

events·12

$ sikker protocols 172.70.147.206

HTTP

12 / 12

$ sikker summary 172.70.147.206

172.70.147.206 has a threat confidence score of 22%. This IP address from United States (AS13335, Cloudflare, Inc.) has been observed in 12 honeypot sessions targeting HTTP protocols. Detected attack patterns include http dotenv file exposure probe. First observed on March 8, 2026, most recently active March 23, 2026.

$ sikker behaviors 172.70.147.206catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

mediumWordpress Urlencoded Auth Probe3x

Identifies HTTP sessions where WordPress authentication is attempted through URL-encoded form credential submission. This pattern is commonly associated with automated login probing, credential stuffing frameworks, or scripted reconnaissance against WordPress admin authentication workflows.

$ sikker primitives 172.70.147.206

http_wp_login_form_urlencoded_credentials_unordered3 http_method_get1 http_path_dotenv1 http_wp_login_form_urlencoded_credentials1

$ sikker related 172.70.147.206

🇺🇸·More threats fromUnited States→AS·More threats fromCloudflare, Inc.→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
162.159.122.93	12%	42
162.158.167.209	8%	1
172.71.144.109	21%	22
172.69.134.72	19%	831
172.71.172.108	6%	3

IP Address	Confidence	Events
45.205.1.20	89%	1,041
20.102.112.104	82%	2,295
165.245.175.173	98%	3,322
92.118.39.87	100%	253,360
193.37.33.184	83%	4,327