JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.106.182.196

20.106.182.196 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.106.182.196

Whois 20.106.182.196

IP Abuse Reports for 20.106.182.196:

This IP address has been reported a total of 25 times from 22 distinct sources. 20.106.182.196 was first reported on June 2nd 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-15 06:40:21 (11 hours ago)	Multiple WAF Violations	Web App Attack
🇹🇷 Threat.live	2026-06-15 06:30:09 (11 hours ago)	Suspicious Connection Attempts	Brute-Force
🇬🇧 Smish	2026-06-15 06:10:20 (12 hours ago)	HONEYPOT HIT --> Fail2ban time=1781503818 log=2026-06-15T07:10:18+01:00 ip=20.106.182.196 host=89.39 ... show more HONEYPOT HIT --> Fail2ban time=1781503818 log=2026-06-15T07:10:18+01:00 ip=20.106.182.196 host=89.39.211.7 method=GET uri="/.env" status=404 ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ref="-" rid=f1c53bd509a4fe5f22784f494a520594 show less	Web App Attack
🇬🇧 andypiper	2026-06-08 01:02:49 (1 week ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇧🇷 diego	2026-06-08 00:10:20 (1 week ago)	[probe-44-49] 2026-06-07 23:51:14, Client: 20.106.182.196, Protocol: 6, Unauthorized activity to HTT ... show more [probe-44-49] 2026-06-07 23:51:14, Client: 20.106.182.196, Protocol: 6, Unauthorized activity to HTTP: POST /___proxy_subdomain_whm/login/ show less	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-08 00:06:02 (1 week ago)	Fail2Ban - [WEB]Exploit attempts (SQLi, RCE, path traversal) on webexploits ... [ice01,wa02]	Hacking SQL Injection Web App Attack
🇷🇸 Scan	2026-06-08 00:03:38 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇫🇷 geeek	2026-06-07 23:31:39 (1 week ago)	Port scanning: 8080 TCP Blocked	Port Scan
🇬🇧 sandra361	2026-06-07 23:07:01 (1 week ago)	Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_S ... show more Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_SCAN:IN=enp1s0f0 OUT= SRC=20.106.182.196 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=38923 DF PROTO=TCP SPT=61444 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇭🇰 mutebot.net	2026-06-07 22:07:45 (1 week ago)	SRC=20.106.182.196, PROTO=TCP, SPT=60826, DPT=8080	Port Scan
🇬🇧 thetomtaylor.co.uk	2026-06-07 22:05:03 (1 week ago)	Fail2Ban - [WEB]Exploit attempts (SQLi, RCE, path traversal) on webexploits ... [wa01]	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 21:29:09 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.106.182.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.106.182.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:29:03.325898 2026] [security2:error] [pid 7461:tid 7461] [client 20.106.182.196:60862] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.121"] [uri "/.git/HEAD"] [unique_id "aiXin0J3Vl_XxppcFmhdQgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 19:57:02 (1 week ago)	Bot / scanning and/or hacking attempts: GET /app/config/parameters.yml HTTP/1.1, GET /wp-config.php ... show more Bot / scanning and/or hacking attempts: GET /app/config/parameters.yml HTTP/1.1, GET /wp-config.php HTTP/1.1, GET /.env.save HTTP/1.1, GET /wp-config.php.bak HTTP/1.1, GET /config/database.yml HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /server-status HTTP/1.1, GET /.htpasswd HTTP/1.1, GET /config.php HTTP/1.1, GET /.git/HEAD HTTP/1.1, GET /.git/config HTTP/1.1, GET /.env.production HTTP/1.1, POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1, GET /___proxy_subdomain_whm/login/ HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env.local HTTP/1.1, GET /actuator/env HTTP/1.1, GET /backup.sql HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /dump.sql HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 RAP	2026-06-07 19:38:40 (1 week ago)	2026-06-07 19:38:40 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
Anonymous	2026-06-07 18:50:01 (1 week ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4002:c1b::128

🇸🇬 185.200.116.71

🇸🇬 167.172.89.254

🇺🇸 91.230.168.190

🇦🇷 45.174.23.45

🇺🇸 13.90.206.6

🇺🇸 173.239.211.9

🇺🇸 69.116.113.163

🇳🇱 45.148.10.147

🇺🇸 20.119.87.97

🇸🇪 2a02:752:0:18::16da

🇨🇳 222.76.248.54

🇺🇸 173.244.60.155

🇩🇪 162.158.86.44

🇩🇪 159.89.30.252

🇩🇪 157.230.17.112

🇺🇸 107.150.105.116

🇩🇪 91.92.240.42

🇩🇪 78.111.67.246

🇩🇪 69.5.169.77