JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.161.69.64

20.161.69.64 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.161.69.64

Whois 20.161.69.64

IP Abuse Reports for 20.161.69.64:

This IP address has been reported a total of 65 times from 26 distinct sources. 20.161.69.64 was first reported on March 16th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (13 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (1 day ago)	HTPasswd.Access	Brute-Force
🇵🇱 webadmin	2026-06-03 04:41:26 (1 day ago)		Web App Attack
🇹🇷 ozyurterdem	2026-06-03 04:02:16 (1 day ago)	T-Pot honeypot: 190 conns — scanner. SiberKale Threat Intel.	Port Scan
🇹🇭 Sawasdee	2026-06-03 03:48:12 (1 day ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇧🇷 Peregrine	2026-06-03 03:37:55 (1 day ago)	Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 20.161.69.64 - - [03/Jun/2026:00:37:30 -0300] "GET / ... show more Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 20.161.69.64 - - [03/Jun/2026:00:37:30 -0300] "GET /.git/HEAD HTTP/1.1" 404 414 - 20.161.69.64 - - [03/Jun/2026:00:37:31 -0300] "GET /.git/config HTTP/1.1" 404 414 show less	Bad Web Bot
🇳🇱 debestelapp	2026-06-03 03:37:14 (1 day ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:28:55 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:28:48.621512 2026] [security2:error] [pid 28247:tid 28247] [client 20.161.69.64:53051] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.217"] [uri "/.git/HEAD"] [unique_id "ah-fcDMDbGO8EtM7TreZiQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-03 03:26:35 (1 day ago)	2026-06-03 03:26:35 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇺🇸 Choice Tech LLC	2026-06-03 03:20:02 (1 day ago)	Blocked by OPNsense firewall; 8 hits, proto=tcp, ports=2082,2083,2086,2087,443,80,8080,8443	Port Scan Hacking
🇺🇸 MPL	2026-06-03 02:16:57 (1 day ago)	tcp port scan (8 or more attempts)	Port Scan
🇮🇪 AutosOnShow	2026-06-03 02:14:05 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-03 02:13:21.110 \|	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 01:40:36 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:40:30.350706 2026] [security2:error] [pid 17543:tid 17543] [client 20.161.69.64:53734] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.190"] [uri "/.env.production"] [unique_id "ah-GDhZHE_b4HqeHXjiLNQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-03 01:38:00 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 01:11:30 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.161.69.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:11:24.492386 2026] [security2:error] [pid 28226:tid 28226] [client 20.161.69.64:38735] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.224"] [uri "/.git/HEAD"] [unique_id "ah9_POh0mcQUfuUln8-8LwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.20

🇦🇷 186.148.224.183

🇵🇭 180.191.140.23

🇭🇰 154.92.17.58

🇮🇳 135.235.138.43

🇺🇸 107.174.67.107

🇭🇰 45.142.154.98

🇸🇦 34.166.5.230

🇺🇸 23.143.16.23

🇺🇸 8.228.241.226

🇺🇸 216.131.83.10

🇨🇴 186.116.53.254

🇧🇪 185.132.187.116

🇵🇭 157.10.33.74

🇧🇷 152.67.46.203

🇲🇾 113.210.90.168

🇫🇷 91.196.152.185

🇷🇴 80.94.92.177

🇰🇿 79.133.191.128

🇲🇩 62.221.127.224