Check an IP Address, Domain Name, Subnet, or ASN

172.71.103.57 was found in our database!

$ whois 172.71.103.57

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Cloudflare, Inc.

asn·AS13335

network·Standard

$ sikker risk 172.71.103.57scoring →

confidence

25%Low

first_seen·Jan 25, 2026

last_seen·1h ago

sessions·9

events·11

$ sikker protocols 172.71.103.57

HTTP

5 / 7

HTTPS

4 / 4

$ sikker summary 172.71.103.57

172.71.103.57 has a threat confidence score of 25%. This IP address from The Netherlands (AS13335, Cloudflare, Inc.) has been observed in 9 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe, http git repository config exposure probe. First observed on January 25, 2026, most recently active March 26, 2026.

$ sikker behaviors 172.71.103.57catalog →

highHttps Dotenv Environment File Exposure Probe2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

highHttp Git Repository Config Exposure Probe1x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 172.71.103.57

http_method_get12 https_path_dotenv3 https_path_config_json2 https_path_root1 https_path_app_dotenv1 http_path_dotgit_config1 https_path_dotenv_local1 https_path_dotgit_config1 https_path_dotenv_staging1 https_git_head_file_access1 https_path_dotenv_production1 https_path_dotaws_credentials1 https_path_dotenv_development1

$ sikker related 172.71.103.57

🇳🇱·More threats fromThe Netherlands→AS·More threats fromCloudflare, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.23.221.23	12%	25
172.68.164.13	10%	22
104.23.223.79	15%	83
104.23.221.22	10%	21
172.70.240.11	6%	5

IP Address	Confidence	Events
130.12.180.51	100%	22,969
45.148.10.240	100%	509,266
194.50.16.198	100%	51,897
45.148.10.121	98%	251,664
45.148.10.192	100%	21,806