ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/64.137.96.240
2026-03- ...
show moreThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/64.137.96.240
2026-03-05 03:26:00 /,{"body":"0x%5B%5D=androxgh0st","content_type":"application/x-www-form-urlencoded","header":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"Connection":["close"],"Content-Length":["20"],"Content-Type":["application/x-www-form-urlencoded"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"]},"host":"18.141.225.60","method":"POST","proto":"HTTP/1.1","remote_addr":"64.137.96.240:44053","status_code":200,"url":"/","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"}
2026-03-05 03:25:59 /.env
show less
Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ...
show moreAttempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution.
64.137.96.240 - - [31/Jan/2026:00:26:42 +0000] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36" "-"
show less
This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET INFO Request to ...
show moreThis IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET INFO Request to Hidden Environment File - Inbound). Ip 64.137.96.240 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2025-11-15 05:09:21.050309984 +0000 UTC
show less
Malicious IP detected by WAF with anomaly score 10.0. Attack types: Exposure of environment file (.e ...
show moreMalicious IP detected by WAF with anomaly score 10.0. Attack types: Exposure of environment file (.env), Timestamp deviates by 2.1 hours, Suspicious URL detected (extended rules). Activity: 62 requests to 2 URLs. Time: 2025-08-18 04:10:01 (America/Bogota). Origin: ES. Source: Automated WAF log analysis.
show less