JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.209.11.20

104.209.11.20 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 65%: ?

65%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.209.11.20

Whois 104.209.11.20

IP Abuse Reports for 104.209.11.20:

This IP address has been reported a total of 24 times from 17 distinct sources. 104.209.11.20 was first reported on March 27th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇸 Scan	2026-06-17 00:17:07 (8 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-06-16 22:39:35 (10 hours ago)	[Tue Jun 16 15:39:29.064625 2026] [authz_core:error] [pid 1747381] [client 104.209.11.20:43651] AH01 ... show more [Tue Jun 16 15:39:29.064625 2026] [authz_core:error] [pid 1747381] [client 104.209.11.20:43651] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Tue Jun 16 15:39:30.493154 2026] [authz_core:error] [pid 1747365] [client 104.209.11.20:43661] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Tue Jun 16 15:39:31.964434 2026] [authz_core:error] [pid 1747448] [client 104.209.11.20:43664] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Tue Jun 16 15:39:33.899763 2026] [authz_core:error] [pid 1747394] [client 104.209.11.20:43667] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Tue Jun 16 15:39:35.207372 2026] [authz_core:error] [pid 1739486] [client 104.209.11.20:43672] AH01630: client denied by server configuration: /home/appowner/www/sec/.git ... show less	Brute-Force SSH
Anonymous	2026-06-16 22:10:33 (10 hours ago)	Port Scan	Port Scan
🇹🇷 Threat.live	2026-06-16 20:50:04 (12 hours ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 19:51:09 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 15:51:05.389962 2026] [security2:error] [pid 11758:tid 11758] [client 104.209.11.20:43083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.218"] [uri "/.git/HEAD"] [unique_id "ajGpKfTFGII0xgHQ9dnNJQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-16 14:25:30 (18 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 MPL	2026-06-16 12:54:30 (20 hours ago)	tcp port scan (10 or more attempts)	Port Scan
🇮🇱 spd.co.il	2026-05-23 13:03:18 (3 weeks ago)	Web application attack detected	Hacking Web App Attack
🇨🇭 YF	2026-05-21 18:06:14 (3 weeks ago)	Environment file probe	Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 17:47:29 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 13:47:26.597943 2026] [security2:error] [pid 17785:tid 17785] [client 104.209.11.20:10506] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kathrynsaunders.com"] [uri "/.env"] [unique_id "ag9FLg56mO_xn3_L5vEdpAAAAA0"], referer: https://www.reddit.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-05-21 17:21:56 (3 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: /.env \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-21 16:48:46 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 12:48:39.809418 2026] [security2:error] [pid 22159:tid 22159] [client 104.209.11.20:10569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ubermilo.com.bwill.dev"] [uri "/.env"] [unique_id "ag83Z6SG9kGRbJe3HgPu4wAAAAI"], referer: https://mail.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 16:11:10 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 12:11:04.279815 2026] [security2:error] [pid 1196:tid 1196] [client 104.209.11.20:10500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "getclock.click.rotarymagnetics.com"] [uri "/.env"] [unique_id "ag8umNUUu9rrMbz1i5uRuQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 15:05:12 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.209.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 11:05:05.285225 2026] [security2:error] [pid 957:tid 957] [client 104.209.11.20:11201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "susannahtuttle.com"] [uri "/.env"] [unique_id "ag8fIfBfFYHpIJoepaWYmAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-05-21 12:20:02 (3 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇷 85.198.19.242

🇸🇬 47.79.11.121

🇳🇱 45.198.224.245

🇱🇹 216.132.188.220

🇱🇹 216.132.188.146

🇮🇳 182.70.182.223

🇸🇬 168.144.34.131

🇸🇬 165.154.29.93

🇩🇪 159.65.112.25

🇹🇭 147.50.231.135

🇮🇳 103.160.70.160

🇰🇬 85.113.28.180

🇺🇸 74.7.229.118

🇳🇱 45.148.10.141

🇳🇱 45.142.193.223

🇵🇱 45.141.233.69

🇧🇪 35.241.199.222

🇬🇧 35.203.210.11

🇷🇺 5.104.40.118

🇺🇸 216.25.89.82