Check an IP Address, Domain Name, Subnet, or ASN

178.20.210.63 was found in our database!

Confidence Level

99%

Very High?

Geolocation

🇩🇪

Germany

ISPShereverov Marat Ahmedovich

ASNAS210006

Activity Timeline

First seenMar 8, 2026, 04:59 AM

Last seen2h ago

1,035Sessions

1,157Events

Protocol Breakdown

HTTPS

803 / 925

HTTP

203 / 203

MYSQL

8 / 8

IMAP

4 / 4

SMTP

4 / 4

POSTGRES

3 / 3

FTP

2 / 2

RDP

2 / 2

SSH

2 / 2

SMB

1 / 1

MSSQL

1 / 1

REDIS

1 / 1

MONGODB

1 / 1

178.20.210.63 has a very high threat confidence level of 99%, originating from Germany, on the Shereverov Marat Ahmedovich network (210006). It has been observed across 1,035 sessions targeting HTTPS, HTTP, MYSQL, IMAP, SMTP and 8 other protocols, with detected attack patterns including http dotenv file exposure probe, First observed on March 8, 2026, most recently active March 11, 2026.

Behaviors

Classified behavioral patterns observed

Http Dotenv File Exposure Probe

high1x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

Https Dotgit Repository Configuration Exposure Probe

medium5x

Identifies an HTTPS request targeting the .git/config file within a web-accessible repository directory. Access attempts to /.git/config indicate automated repository exposure scanning intended to retrieve remote origin URLs, repository structure, and potentially credential-bearing configuration data. This is a common reconnaissance technique used to identify misconfigured web servers exposing version control metadata.

Https Root Path Request

info229x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info59x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Redis Info Command Invocation

info1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Http Method Get695 Https Path Root280 Https Git Head File Access88 Https Path Dotgit Config26 Https Path Dotenv11 Https Path Config Json6 Http Git Head File Access6 Https Path Dotbash History6 Https Path Dotaws Credentials4 Http Path Config Json2 Http Path Dotgit Config2 Https Path Dotenv Local2 Http Path Dotbash History2 Http Path Dotenv1 Redis Info Uppercase1 Postgres Query Semicolon1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
178.20.210.137	49%	103
45.87.249.170	57%	278
45.87.249.40	65%	49
45.87.249.145	61%	145
45.87.249.198	41%	7

IP Address	Confidence	Events
87.106.147.36	100%	107,756
217.160.200.43	98%	4,589
139.59.209.98	96%	21
5.249.163.87	86%	1,997
80.253.251.63	99%	104