Check an IP Address, Domain Name, Subnet, or ASN

172.71.95.69 was found in our database!

$ whois 172.71.95.69

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Cloudflare, Inc.

asn·AS13335

network·Standard

$ sikker risk 172.71.95.69scoring →

confidence

25%Low

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·43

events·69

$ sikker protocols 172.71.95.69

HTTP

32 / 45

HTTPS

11 / 24

$ sikker summary 172.71.95.69

172.71.95.69 has a threat confidence score of 25%. This IP address from The Netherlands (AS13335, Cloudflare, Inc.) has been observed in 43 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on January 23, 2026, most recently active April 17, 2026.

$ sikker behaviors 172.71.95.69catalog →

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

mediumWordpress Urlencoded Auth Probe1x

Identifies HTTP sessions where WordPress authentication is attempted through URL-encoded form credential submission. This pattern is commonly associated with automated login probing, credential stuffing frameworks, or scripted reconnaissance against WordPress admin authentication workflows.

mediumHttps Dotgit Repository Configuration Exposure Probe1x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

infoHttp Http Method Get2x

HTTP request using GET method.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 172.71.95.69

http_method_get4 https_path_dotenv1 http_path_xmlrpc_php1 https_path_dotgit_config1 http_wp_login_form_urlencoded_credentials_unordered1

$ sikker related 172.71.95.69

🇳🇱·More threats fromThe Netherlands→AS·More threats fromCloudflare, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.23.209.202	10%	8
172.71.30.152	8%	2
172.71.239.59	6%	1
172.68.71.84	11%	7
104.23.254.72	10%	1

IP Address	Confidence	Events
130.12.180.174	91%	6,949
192.42.116.55	42%	28
45.148.10.183	100%	13,774
192.42.116.54	70%	29
45.148.10.192	100%	36,728