JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.109.36.226

20.109.36.226 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 55%: ?

55%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.109.36.226

Whois 20.109.36.226

IP Abuse Reports for 20.109.36.226:

This IP address has been reported a total of 29 times from 20 distinct sources. 20.109.36.226 was first reported on October 9th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 sid3windr	2026-06-12 07:26:23 (3 days ago)	GET /.git/config (Tarpitted for 1d15h8m26s, wasted 8.06MB)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 20:25:07 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 16:25:01.194974 2026] [security2:error] [pid 14263:tid 14263] [client 20.109.36.226:33096] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.21"] [uri "/.git/HEAD"] [unique_id "ainIHe5MjeUUbMK19t36LQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 19:17:00 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:16:55.359269 2026] [security2:error] [pid 3485:tid 3485] [client 20.109.36.226:32737] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.177"] [uri "/.git/HEAD"] [unique_id "aim4J949JkmyKX2LcDpShwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 18:29:51 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.36.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 14:29:45.698117 2026] [security2:error] [pid 31783:tid 31783] [client 20.109.36.226:31952] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.138"] [uri "/.git/HEAD"] [unique_id "aimtGY2mSoLbwOtjS713MgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Starburst SysOp Team	2026-06-10 18:06:38 (5 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-ams6-1)	Hacking Bad Web Bot
🇧🇾 lns.bz	2026-06-10 17:37:26 (5 days ago)	.env scanning [BY]	Web App Attack
🇬🇧 djboddington	2026-06-10 17:27:29 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 MPL	2026-06-10 17:18:34 (5 days ago)	tcp port scan (24 or more attempts)	Port Scan
🇳🇱 SysAdmin Dylan	2026-06-10 17:06:35 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.109.36.226 (US/United States/-): 10 in the l ... show more (mod_security) mod_security (id:210492) triggered by 20.109.36.226 (US/United States/-): 10 in the last 3600 secs show less	Brute-Force
🇧🇾 lns.bz	2026-06-10 15:50:43 (5 days ago)	Too many 404 requests [BY]	Web App Attack
🇫🇷 dynamix	2026-06-10 15:49:54 (5 days ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-31 09:03:15 (2 weeks ago)	apache exploit attempt	Hacking SQL Injection
🇨🇳 ThreatBook.io	2026-04-09 22:23:50 (2 months ago)	ThreatBook Intelligence: Spam,Info more details on https://threatbook.io/ip/20.109.36.226 2026-04-09 ... show more ThreatBook Intelligence: Spam,Info more details on https://threatbook.io/ip/20.109.36.226 2026-04-09 07:31:12 /status show less	Web App Attack
🇫🇷 dynamix	2026-04-08 04:32:01 (2 months ago)	Multiple WAF Violations	Web App Attack
🇩🇪 big-cloud.nl	2026-04-08 03:36:51 (2 months ago)	Try to access /.git/config	Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:9621:a001

🇲🇽 187.191.48.24

🇱🇻 62.60.234.140

🇺🇸 34.61.123.208

🇰🇷 175.126.37.156

🇺🇸 147.185.132.213

🇮🇩 118.99.114.224

🇨🇳 42.230.42.223

🇬🇧 35.203.211.226

🇧🇪 34.62.193.148

🇺🇸 2604:a880:400:d1:0:4:961a:c001

🇮🇩 182.8.68.34

🇵🇾 181.126.153.167

🇫🇮 147.185.133.40

🇩🇪 64.188.83.244

🇧🇷 45.164.39.253

🇸🇬 43.174.246.35

🇩🇪 43.165.3.187

🇭🇰 43.128.60.40

🇮🇩 36.70.226.76