Confidence Level

63%

High?

Geolocation

🇯🇵

JapanTokyo

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenMar 8, 2026, 11:10 AM

Last seen1h ago

9Sessions

9Events

Protocol Breakdown

HTTPS

9 / 9

20.194.196.252 has a high threat confidence level of 63%, originating from Tokyo, Japan, on the Microsoft Corporation network (8075). It has been observed across 9 sessions targeting HTTPS, with detected attack patterns including https dotenv environment file exposure probe, First observed on March 8, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Https Dotenv Environment File Exposure Probe

high1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

Primitives

Individual actions observed

Https Path Dotenv1

Related Threats

Explore related threat intelligence

🇯🇵More threats fromJapan ASMore threats fromMicrosoft Corporation HTTPSMore threats targetingHTTPS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
40.76.124.166	79%	160
172.173.117.246	100%	906
40.119.24.130	44%	363
4.145.113.4	91%	106
135.237.125.132	72%	181

IP Address	Confidence	Events
84.247.154.48	82%	597
126.145.70.188	29%	46
172.104.100.117	79%	2,297
43.133.187.11	37%	60
8.211.172.227	96%	177