JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.109.38.168

20.109.38.168 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 55%: ?

55%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.109.38.168

Whois 20.109.38.168

IP Abuse Reports for 20.109.38.168:

This IP address has been reported a total of 14 times from 12 distinct sources. 20.109.38.168 was first reported on June 1st 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-10 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-06-10 15:04:58 (1 week ago)	IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-sensitive-files; Action=ban; Event ... show more IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-sensitive-files; Action=ban; Events=6; Hosts=45.137.198.87; Paths=/.env,/.env.local,/.env.save,/.git/config,/wp-config.php.bak; Country=US; ASN=8075 MICROSOFT-CORP-MSN-AS-BLOCK show less	Hacking Web App Attack
🇧🇪 boxed-it	2026-06-10 13:50:05 (1 week ago)	GET /.git/config (Tarpitted for 33m47s, wasted 118.83kB)	Web App Attack
🇫🇷 masterguru	2026-06-10 13:35:16 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-197)	Hacking Bad Web Bot
Anonymous	2026-06-10 12:05:00 (1 week ago)	The following intrusion was observed: HTPasswd.Access.	Web App Attack
🇧🇷 diego	2026-06-10 11:45:20 (1 week ago)	[probe-44-49] 2026-06-10 11:29:04, Client: 20.109.38.168, Protocol: 6, Unauthorized activity to HTTP ... show more [probe-44-49] 2026-06-10 11:29:04, Client: 20.109.38.168, Protocol: 6, Unauthorized activity to HTTP: POST /___proxy_subdomain_whm/login/ show less	Web App Attack
🇺🇸 alecj.com	2026-06-10 11:32:25 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-10 11:25:51 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.109.38.168 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.109.38.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 07:25:43.668087 2026] [security2:error] [pid 28083:tid 28083] [client 20.109.38.168:59084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.37"] [uri "/.git/HEAD"] [unique_id "ailJtyzDJ6Uh1NZye4_xAQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-10 10:48:38 (1 week ago)	15 attempts against mh-modsecurity-ban on star	Brute-Force Web App Attack
🇷🇸 Scan	2026-06-02 00:08:10 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 MPL	2026-06-01 22:28:05 (3 weeks ago)	tcp ports: 8443,80 (4 or more attempts)	Port Scan
🇺🇸 MPL	2026-06-01 20:48:10 (3 weeks ago)	tcp port scan (4 or more attempts)	Port Scan
🇺🇸 MPL	2026-06-01 20:48:10 (3 weeks ago)	tcp port scan (20 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-06-01 19:57:37 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 213.177.179.80

🇧🇷 191.240.96.172

🇮🇳 182.95.119.30

🇷🇺 178.178.222.59

🇨🇳 150.255.249.150

🇰🇷 118.33.119.34

🇸🇰 91.223.69.87

🇺🇸 198.46.131.42

🇳🇱 193.176.31.230

🇵🇱 185.238.72.3

🇺🇸 142.251.155.119

🇮🇳 122.187.230.177

🇮🇳 117.239.45.10

🇻🇳 103.173.154.45

🇧🇬 79.124.56.250

🇺🇸 66.132.224.88

🇱🇹 62.60.130.219

🇫🇷 54.37.20.198

🇲🇾 49.124.131.248

🇳🇱 45.81.23.7