Check an IP Address, Domain Name, Subnet, or ASN

172.71.148.150 was found in our database!

$ whois 172.71.148.150

country·🇩🇪 Germany

city·Frankfurt am Main

isp·Cloudflare, Inc.

asn·AS13335

network·Standard

$ sikker risk 172.71.148.150scoring →

confidence

20%Low

first_seen·Apr 8, 2026

last_seen·2d ago

sessions·4

events·4

$ sikker protocols 172.71.148.150

HTTP

4 / 4

$ sikker summary 172.71.148.150

172.71.148.150 has a threat confidence score of 20%. This IP address from Germany (AS13335, Cloudflare, Inc.) has been observed in 4 honeypot sessions targeting HTTP protocols. Detected attack patterns include http dotenv file exposure probe. First observed on April 8, 2026, most recently active April 15, 2026.

$ sikker behaviors 172.71.148.150catalog →

highHttp Dotenv File Exposure Probe1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

mediumWordpress Urlencoded Auth Probe1x

Identifies HTTP sessions where WordPress authentication is attempted through URL-encoded form credential submission. This pattern is commonly associated with automated login probing, credential stuffing frameworks, or scripted reconnaissance against WordPress admin authentication workflows.

$ sikker primitives 172.71.148.150

http_method_get2 http_path_dotenv1 http_path_xmlrpc_php1 http_phpunit_eval_stdin_php_path_access1 http_wp_login_form_urlencoded_credentials_unordered1

$ sikker related 172.71.148.150

🇩🇪·More threats fromGermany→AS·More threats fromCloudflare, Inc.→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.23.248.94	15%	4
104.23.254.53	10%	1
172.71.178.88	10%	1
172.71.178.142	7%	12
172.70.34.16	10%	1

IP Address	Confidence	Events
158.173.154.150	80%	376
176.65.132.141	100%	5,076
62.54.176.203	99%	96