JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.106.191.53

20.106.191.53 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 61%: ?

61%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.106.191.53

Whois 20.106.191.53

IP Abuse Reports for 20.106.191.53:

This IP address has been reported a total of 22 times from 15 distinct sources. 20.106.191.53 was first reported on May 22nd 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇸 Scan	2026-06-17 00:24:14 (6 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 xmission.com	2026-06-17 00:05:45 (6 days ago)	Blocked by UFW (TCP on 2082) Source port: 37889 TTL: 47 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2082) Source port: 37889 TTL: 47 Packet length: 60 TOS: 0x00 This report (for 20.106.191.53) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-07 12:24:09 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:24:03.571422 2026] [security2:error] [pid 3903:tid 3903] [client 20.106.191.53:38930] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.10"] [uri "/.git/HEAD"] [unique_id "aiVi43CIHA5foLrZGHH_vwAAACs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-07 12:20:05 (2 weeks ago)	Blocked by UFW (TCP on 80) Source port: 37775 TTL: 114 Packet length: 40 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 37775 TTL: 114 Packet length: 40 TOS: 0x00 This report (for 20.106.191.53) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇩🇪 Mr-Money	2026-06-07 12:04:30 (2 weeks ago)	20.106.191.53 - - [07/Jun/2026:14:04:30 +0200] "GET /.git/HEAD HTTP/1.1" 404 400 "-" "Mozilla/5.0 (W ... show more 20.106.191.53 - - [07/Jun/2026:14:04:30 +0200] "GET /.git/HEAD HTTP/1.1" 404 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇹🇷 Threat.live	2026-06-07 09:05:04 (2 weeks ago)	Threat.live: Web Scan	Web App Attack
🇫🇷 masterguru	2026-06-07 08:40:39 (2 weeks ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-197)	Hacking Bad Web Bot
🇬🇧 djboddington	2026-06-07 08:34:34 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 gadix	2026-06-07 07:46:30 (2 weeks ago)	[07/Jun/2026:09:46:20.627627 +0200] aiUhzP9oVWIhcSwhSoWjyQAAAIA 20.106.191.53 48436 127.0.0.1 7081 [ ... show more [07/Jun/2026:09:46:20.627627 +0200] aiUhzP9oVWIhcSwhSoWjyQAAAIA 20.106.191.53 48436 127.0.0.1 7081 [07/Jun/2026:09:46:22.348736 +0200] aiUhzv9oVWIhcSwhSoWjygAAAJQ 20.106.191.53 48450 127.0.0.1 7081 [07/Jun/2026:09:46:24.675028 +0200] aiUh0P9oVWIhcSwhSoWjywAAAJU 20.106.191.53 46412 127.0.0.1 7080 ... show less	Web App Attack
🇧🇷 SOC PR	2026-06-07 07:32:18 (2 weeks ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇫🇷 sthoyer.de	2026-06-04 16:58:23 (2 weeks ago)	Jun 4 18:58:22 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd: ... show more Jun 4 18:58:22 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.106.191.53 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7680 DF PROTO=TCP SPT=14723 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 4 18:58:22 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.106.191.53 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=12537 DF PROTO=TCP SPT=14726 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 4 18:58:22 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.106.191.53 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12424 DF PROTO=TCP SPT=14726 DPT=2082 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 4 18:58:22 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.106.191.53 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=5797 DF PROTO=TCP SPT=14729 DPT=2083 WINDOW=6 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-04 16:50:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 12:50:02.891462 2026] [security2:error] [pid 11643:tid 11643] [client 20.106.191.53:14730] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.75"] [uri "/.env.local"] [unique_id "aiGsulRZWONGI3is_RsI6QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-04 16:12:22 (2 weeks ago)	tcp port scan (16 or more attempts)	Port Scan
🇹🇷 SeczarSecureOps	2026-06-04 14:52:09 (2 weeks ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (6 events in 10min) at 2026-06-04 14:52	Port Scan
🇺🇸 TPI-Abuse	2026-06-04 14:33:41 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.106.191.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 10:33:33.891027 2026] [security2:error] [pid 9222:tid 9222] [client 20.106.191.53:14730] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.117"] [uri "/.git/HEAD"] [unique_id "aiGMvbDmA2Q4Qxw6V32x0QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇶 169.224.117.79

🇷🇴 141.98.83.240

🇺🇸 47.254.79.172

🇯🇵 8.216.9.49

🇨🇳 222.185.237.133

🇦🇹 212.186.132.235

🇺🇸 206.81.4.2

🇦🇷 186.158.142.135

🇮🇱 147.235.197.197

🇫🇮 147.185.133.138

🇺🇸 147.185.132.214

🇩🇪 144.76.32.190

🇺🇸 66.132.172.218

🇩🇪 64.89.163.97

🇺🇸 64.62.156.53

🇫🇷 51.75.141.245

🇿🇦 34.35.44.126

🇲🇽 187.188.76.204

🇺🇾 186.50.169.19

🇳🇱 176.65.139.181