JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.118.238.23

20.118.238.23 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 57%: ?

57%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.118.238.23

Whois 20.118.238.23

IP Abuse Reports for 20.118.238.23:

This IP address has been reported a total of 14 times from 13 distinct sources. 20.118.238.23 was first reported on June 10th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇴 adalbertoreyes.org	2026-06-16 17:02:59 (1 week ago)	CategoryPortScan	Port Scan
🇺🇸 MPL	2026-06-16 08:38:28 (1 week ago)	tcp port scan (6 or more attempts)	Port Scan
🇦🇹 urnilxfgbez	2026-06-10 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 wiredalter	2026-06-10 17:12:35 (2 weeks ago)	Blocked by UFW on dVPS [2082/tcp] Source Port: 4156 TTL: 43 Packet Length: 60 TOS: 0x00 Analyzed by ... show more Blocked by UFW on dVPS [2082/tcp] Source Port: 4156 TTL: 43 Packet Length: 60 TOS: 0x00 Analyzed by https://ip.wiredalter.com show less	Port Scan Brute-Force
Anonymous	2026-06-10 16:52:08 (2 weeks ago)	Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /wp- ... show more Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /wp-config.php.bak HTTP/1.1, GET /.env.local HTTP/1.1, GET /wp-config.php HTTP/1.1, GET /.DS_Store HTTP/1.1, GET /.env.backup HTTP/1.1, GET /config.php HTTP/1.1, GET /.git/config HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /actuator/env HTTP/1.1 show less	Hacking Web App Attack
🇩🇪 anycast_ac	2026-06-10 16:50:26 (2 weeks ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: $ show less	DDoS Attack IoT Targeted Brute-Force
🇦🇱 router.al	2026-06-10 16:45:04 (2 weeks ago)	06/10/2026-16:45:04.258610 20.118.238.23 Protocol: 6 GPL WEB_SERVER .htpasswd access	Hacking
🇩🇪 anycast_ac	2026-06-10 16:31:18 (2 weeks ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/8443 (generic).	DDoS Attack IoT Targeted Brute-Force
Anonymous	2026-06-10 16:06:00 (2 weeks ago)		Brute-Force SSH Hacking
Anonymous	2026-06-10 13:30:05 (2 weeks ago)	Triggered: repeated knocking on closed ports.	Port Scan
🇺🇸 TPI-Abuse	2026-06-10 13:03:34 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.118.238.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.118.238.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 09:03:29.135846 2026] [security2:error] [pid 2611:tid 2611] [client 20.118.238.23:4718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.51"] [uri "/.git/HEAD"] [unique_id "ailgoUBJkAN0KHmz-V4ezgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 12:37:32 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 RAP	2026-06-10 12:33:04 (2 weeks ago)	2026-06-10 12:33:04 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇺🇸 gu-alvareza	2026-06-10 07:06:07 (2 weeks ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.225

🇺🇸 172.253.221.154

🇹🇭 110.77.148.87

🇳🇱 91.92.40.19

🇳🇱 45.198.224.115

🇺🇸 20.65.195.58

🇪🇸 217.154.106.153

🇧🇷 209.14.85.116

🇺🇸 152.32.205.7

🇰🇿 45.8.119.168

🇬🇧 13.42.64.14

🇮🇳 203.129.217.70

🇸🇬 118.194.234.189

🇺🇸 100.56.250.80

🇺🇸 100.51.194.111

🇩🇪 194.187.176.181

🇺🇸 162.216.149.184

🇺🇸 162.216.149.139

🇰🇷 112.161.26.125

🇪🇸 88.21.21.240