192.109.200.228 — Pfcloud UG (haftungsbeschrankt), SE — Very High (96%)

Check an IP Address, Domain Name, Subnet, or ASN

192.109.200.228 was found in our database!

Confidence Level

96%

Very High?

Geolocation

🇸🇪

SwedenStockholm

ISPPfcloud UG (haftungsbeschrankt)

ASNAS51396

Activity Timeline

First seenFeb 2, 2026, 09:05 PM

Last seen6d ago

207Sessions

380Events

Protocol Breakdown

HTTP

111 / 202

HTTPS

96 / 178

192.109.200.228 has a very high threat confidence level of 96%, originating from Stockholm, Sweden, on the Pfcloud UG (haftungsbeschrankt) network (51396). It has been observed across 207 sessions targeting HTTP, HTTPS, with detected attack patterns including http dotenv file exposure probe, https dotenv environment file exposure probe, First observed on February 2, 2026, most recently active February 27, 2026.

Behaviors

Classified behavioral patterns observed

Http Dotenv File Exposure Probe

high4x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

Https Dotenv Environment File Exposure Probe

high2x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

Http Root Path Request

info13x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Http Method Get29 Https Path Root6 Http Path Dotenv4 Http Path Dotenv Development4 Https Path Dotenv Development4 Http Path Dotenv Local3 Https Path Dotenv Local3 Https Path Dotenv Production3 Https Path Dotenv2 Http Path Dotenv Production2 Http Path Dotaws Credentials2

Related Threats

Explore related threat intelligence

🇸🇪More threats fromSweden ASMore threats fromPfcloud UG (haftungsbeschrankt)HTTPMore threats targetingHTTP HTTPSMore threats targetingHTTPS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
204.76.203.18	97%	30,166
204.76.203.215	93%	2,165
204.76.203.30	96%	9,231
204.76.203.8	89%	9,199
176.65.149.234	85%	207

IP Address	Confidence	Events
185.246.128.133	77%	314
85.229.46.153	52%	401
155.4.245.222	100%	653
171.25.158.70	100%	410
78.67.161.64	53%	362