Check an IP Address, Domain Name, Subnet, or ASN

195.170.172.108 was found in our database!

$ whois 195.170.172.108

country·🇪🇸 Spain

isp·NextGenWebs, S.L.

asn·AS41608

network·Standard

$ sikker risk 195.170.172.108scoring →

confidence

91%Very High

first_seen·Apr 23, 2026

last_seen·1h ago

sessions·67

events·67

$ sikker protocols 195.170.172.108

HTTP

49 / 49

HTTPS

18 / 18

$ sikker summary 195.170.172.108

195.170.172.108 has a threat confidence score of 91%. This IP address from Spain (AS41608, NextGenWebs, S.L.) has been observed in 67 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http dotenv file exposure probe. First observed on April 23, 2026, most recently active April 30, 2026.

$ sikker behaviors 195.170.172.108catalog →

highHttp Dotenv File Exposure Probe2x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Http Method Get28x

HTTP request using GET method.

infoHttp Root Path Request28x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 195.170.172.108

http_method_get161 http_path_dotaws_credentials3 http_request_path_aws_config_file3 https_path_root2 http_path_dotenv2 http_path_config_json2 http_path_dotenv_development2 https_path_dotaws_credentials2 http_request_path_home_ubuntu_aws_credentials2 https_path_dotenv1 http_path_bad_request1 http_request_path_root_aws_credentials1

$ sikker related 195.170.172.108

🇪🇸·More threats fromSpain→AS·More threats fromNextGenWebs, S.L.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.213.174.45	43%	12
195.170.172.216	50%	722
88.151.33.33	62%	11
185.213.175.176	85%	833
195.170.172.128	94%	3,360

IP Address	Confidence	Events
81.9.140.220	100%	87
90.173.78.90	49%	528
46.6.125.137	99%	35
5.182.83.231	100%	3,121
213.165.81.229	69%	5