JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.161.28.98

20.161.28.98 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.161.28.98

Whois 20.161.28.98

IP Abuse Reports for 20.161.28.98:

This IP address has been reported a total of 39 times from 31 distinct sources. 20.161.28.98 was first reported on October 17th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SOC-BR	2026-06-04 07:22:33 (3 days ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-03 0 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-03 03:46:01 - Source Port 64145 show less	Port Scan Hacking
🇳🇱 SysAdmin Dylan	2026-06-03 06:59:54 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 20.161.28.98 (US/United States/-): 10 in the la ... show more (mod_security) mod_security (id:210730) triggered by 20.161.28.98 (US/United States/-): 10 in the last 3600 secs show less	Brute-Force
🇹🇷 Threat.live	2026-06-03 06:10:02 (4 days ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 06:09:02 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 20.161.28.98 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.161.28.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:08:57.894425 2026] [security2:error] [pid 31703:tid 31703] [client 20.161.28.98:54352] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.37"] [uri "/.git/HEAD"] [unique_id "ah_E-f-rsWEDOfFMkom48wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 GabrielJST	2026-06-03 06:04:30 (4 days ago)	Port Scan detected from 20.161.28.98 (US/United States/-).	Port Scan
🇹🇷 Detmach	2026-06-03 05:50:48 (4 days ago)	Security attack detected. Multiple failed attempts from 20.161.28.98. IP banned for 1440 minutes at ... show more Security attack detected. Multiple failed attempts from 20.161.28.98. IP banned for 1440 minutes at 03.06.2026 08:50:48. Failed attempts: 1 show less	Brute-Force
🇸🇪 NordhTech	2026-06-03 05:30:06 (4 days ago)	More than 3 malicious connection attempts, trying port(s) 2087/tcp, then blocked from services ...	Port Scan Hacking
🇩🇪 london2038.com	2026-06-03 05:12:37 (4 days ago)	Connection atttempts against closed TCP ports Jun 3 07:12:36 BLOCK SRC=20.161.28.98 LEN=60 TOS=0x00 ... show more Connection atttempts against closed TCP ports Jun 3 07:12:36 BLOCK SRC=20.161.28.98 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=46137 DF PROTO=TCP SPT=54578 DPT=2083 WINDOW=64240 RES=0x00 SYN Jun 3 07:12:36 BLOCK SRC=20.161.28.98 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41655 DF PROTO=TCP SPT=56178 DPT=2086 WINDOW=64240 RES=0x00 SYN Jun 3 07:12:36 BLOCK SRC=20.161.28.98 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=52627 DF PROTO=TCP SPT=56296 DPT=2082 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇨🇿 huginet	2026-06-03 05:07:50 (4 days ago)	20.161.28.98 - - [03/Jun/2026:07:07:47 +0200] "GET /.git/HEAD HTTP/1.1" 404 196 20.161.28.98 - - [03 ... show more 20.161.28.98 - - [03/Jun/2026:07:07:47 +0200] "GET /.git/HEAD HTTP/1.1" 404 196 20.161.28.98 - - [03/Jun/2026:07:07:49 +0200] "GET /.git/config HTTP/1.1" 404 196 ... show less	Web Spam Web App Attack
🇮🇪 AutosOnShow	2026-06-03 04:49:05 (4 days ago)	blocked for webapp attack \| path requested: /.git/config \| seen at 2026-06-03 04:48:33.091 \|	Web App Attack
🇧🇷 vfAcceloReporter	2026-06-03 04:47:50 (4 days ago)	20.161.28.98 - - [03/Jun/2026:01:47:49 -0300] "GET /.env HTTP/1.1" 404 188 "-" "Mozilla/5.0 (Windows ... show more 20.161.28.98 - - [03/Jun/2026:01:47:49 -0300] "GET /.env HTTP/1.1" 404 188 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" ... show less	Brute-Force Web App Attack Exploited Host
🇩🇪 EGP Abuse Dept	2026-06-03 04:43:43 (4 days ago)	Scanning for web/db/file exploits on tpc-036.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-06-03 04:40:31 (4 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 paulo.apoloni	2026-06-03 04:21:43 (4 days ago)	20.161.28.98 - - [03/Jun/2026:01:21:38 -0300] "GET /.git/HEAD HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Wi ... show more 20.161.28.98 - - [03/Jun/2026:01:21:38 -0300] "GET /.git/HEAD HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 20.161.28.98 - - [03/Jun/2026:01:21:38 -0300] "GET /.git/config HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.161.28.98 - - [03/Jun/2026:01:21:39 -0300] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.161.28.98 - - [03/Jun/2026:01:21:40 -0300] "GET /.env.local HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 20.161.28.98 - - [03/Jun/2026:01:21:43 -0300] "GET /.env.save HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Web App Attack
🇺🇸 NXTwoThou	2026-06-03 04:20:34 (4 days ago)	/.git/HEAD	Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:8c0b:7001

🇺🇸 207.90.244.5

🇧🇷 205.210.31.242

🇻🇪 190.74.196.246

🇲🇽 189.169.77.217

🇵🇰 182.191.77.164

🇨🇳 119.115.160.114

🇨🇦 85.217.149.24

🇺🇸 13.58.114.74

🇧🇷 205.210.31.254

🇩🇴 190.167.237.191

🇧🇷 177.92.247.73

🇨🇳 113.54.215.173

🇨🇳 103.152.76.141

🇳🇬 102.219.155.13

🇨🇳 58.19.79.7

🇳🇱 45.148.10.147

🇧🇷 43.164.194.198

🇬🇧 35.203.210.130

🇺🇸 23.94.136.36