JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.109.38.162

20.109.38.162 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.109.38.162

Whois 20.109.38.162

IP Abuse Reports for 20.109.38.162:

This IP address has been reported a total of 30 times from 21 distinct sources. 20.109.38.162 was first reported on November 18th 2025, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-06-01 08:43:01 (2 days ago)	tcp port scan (8 or more attempts)	Port Scan
🇹🇷 SeczarSecureOps	2026-06-01 08:34:33 (2 days ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (15 events in 10min) at 2026-06-01 08:34	Port Scan
🇷🇸 Scan	2026-06-01 08:29:35 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇮🇱 spd.co.il	2026-05-22 12:09:25 (1 week ago)	Web application attack detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 13:43:02 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.109.38.162 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.38.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 09:42:55.359303 2026] [security2:error] [pid 4082:tid 4200] [client 20.109.38.162:9344] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "credit-card-cap.com"] [uri "/.env"] [unique_id "ag26X9RpeOf5zNnbBT8mgQAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 AvonleaConsulting	2026-05-20 12:21:45 (2 weeks ago)	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	Bad Web Bot Web App Attack
Anonymous	2026-05-20 10:16:47 (2 weeks ago)	(PERMBLOCK) 20.109.38.162 (US/United States/-) has had more than 4 temp blocks in the last 86400 sec ... show more (PERMBLOCK) 20.109.38.162 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
Anonymous	2026-05-20 10:00:19 (2 weeks ago)	(caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:53:47 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:53:47 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:53:47 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:53:47 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:10:00:15 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-20 09:23:29 (2 weeks ago)	(caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:23:26 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:23:27 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:23:27 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:23:27 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:23:27 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-20 09:06:11 (2 weeks ago)	(caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:06:07 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:06:07 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:06:07 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:06:07 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:09:06:07 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-20 08:37:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.109.38.162 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.38.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 04:36:57.120464 2026] [security2:error] [pid 31379:tid 31486] [client 20.109.38.162:9345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chronotar.com"] [uri "/config/.env"] [unique_id "ag1yqb3psCznsllF9wm3BQAAAoA"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-20 08:33:36 (2 weeks ago)	(caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 20.109.38.162 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:08:33:33 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:08:33:33 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:08:33:34 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:08:33:34 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.109.38.162 - - [20/May/2026:08:33:34 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇯🇵 demonsword	2026-05-17 04:12:59 (2 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.binance.com:443 show less	Open Proxy Port Scan
🇺🇸 MPL	2026-01-18 15:37:21 (4 months ago)	tcp/23 (2 or more attempts)	Port Scan
🇺🇸 Rayulcifer	2025-11-18 06:48:02 (6 months ago)	20.109.38.162 - - [18/Nov/2025:01:48:02 -0500] "CONNECT load.vmheaven.io:443 HTTP/1.1" 502 587 "-" " ... show more 20.109.38.162 - - [18/Nov/2025:01:48:02 -0500] "CONNECT load.vmheaven.io:443 HTTP/1.1" 502 587 "-" "-" 20.109.38.162 - - [18/Nov/2025:01:48:02 -0500] "\x16\x03\x01" 400 491 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH

Showing 16 to 30 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.147

🇨🇳 42.232.225.237

🇲🇾 203.56.25.75

🇸🇾 185.216.134.126

🇳🇿 185.99.133.244

🇺🇸 162.216.149.31

🇺🇸 143.198.131.167

🇮🇩 103.81.110.90

🇺🇸 68.183.165.99

🇫🇮 65.109.35.209

🇩🇪 36.255.97.15

🇷🇴 2.57.122.177

🇩🇪 138.68.70.63

🇷🇴 92.118.39.236

🇮🇪 52.31.67.171

🇵🇪 38.250.148.174

🇨🇳 14.103.46.139

🇺🇸 154.16.113.195

🇭🇰 114.111.53.214

🇺🇸 64.62.156.175