JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.163.32.235

20.163.32.235 was found in our database!

This IP was reported 61 times. Confidence of Abuse is 79%: ?

79%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.163.32.235

Whois 20.163.32.235

IP Abuse Reports for 20.163.32.235:

This IP address has been reported a total of 61 times from 38 distinct sources. 20.163.32.235 was first reported on December 30th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 04:50:07 (2 weeks ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇩🇪 maxpower	2026-06-03 03:53:59 (2 weeks ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.163.32.235 (US/United States/-): 2 in ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.163.32.235 (US/United States/-): 2 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026/06/03 05:53:50 [error] 4054478#4054478: 844606 access forbidden by rule, client: 20.163.32.235, server: casaflaiano.it, request: "GET /wp-config.php.bak HTTP/1.1", host: "51.77.95.117" 20.163.32.235 - - [03/Jun/2026:05:53:55 +0200] "GET /.aws/credentials HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=51.77.95.117 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 03:26:48 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:26:44.260404 2026] [security2:error] [pid 5694:tid 5694] [client 20.163.32.235:29191] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.60"] [uri "/.git/HEAD"] [unique_id "ah-e9AraGwSUw0XGrCI8UwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-03 03:21:36 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-03 03:06:42 (2 weeks ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-1)	Hacking Bad Web Bot
🇬🇧 PeravixGroup	2026-06-03 03:00:24 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-03 02:45:51 (2 weeks ago)	PROTO=TCP DPT=2082	Port Scan Hacking
🇺🇸 xmission.com	2026-06-03 02:04:55 (2 weeks ago)	Blocked by UFW (TCP on 8080) Source port: 28095 TTL: 51 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8080) Source port: 28095 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 20.163.32.235) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇷🇸 Scan	2026-06-03 01:54:14 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇮🇹 Inartis	2026-06-03 01:45:30 (2 weeks ago)	20.163.32.235 - - [03/Jun/2026:03:45:29 +0200] "GET /.git/HEAD HTTP/1.1" 302 418 "-" "Mozilla/5.0 (W ... show more 20.163.32.235 - - [03/Jun/2026:03:45:29 +0200] "GET /.git/HEAD HTTP/1.1" 302 418 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" ... show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 lns.bz	2026-06-03 01:31:56 (2 weeks ago)	.env scanning [DOOZ]	Web App Attack
🇭🇺 whitehoodie	2026-06-03 01:11:27 (2 weeks ago)	AUTOMATED REPORT: Tried to access .env file	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 01:08:39 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:08:34.277150 2026] [security2:error] [pid 18794:tid 18794] [client 20.163.32.235:28682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.78"] [uri "/.git/HEAD"] [unique_id "ah9-koRZJ8MjQHwln3Q7TAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 00:23:10 (2 weeks ago)	Try to connect to Port_Scan_8080_stealth	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 00:22:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.163.32.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:21:58.255865 2026] [security2:error] [pid 6813:tid 6813] [client 20.163.32.235:29024] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.175"] [uri "/.git/HEAD"] [unique_id "ah9zptSVgM0dssHOXRGs0QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 61 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 209.38.255.100

🇬🇧 193.32.209.254

🇬🇪 178.217.74.104

🇸🇬 165.154.205.128

🇺🇸 157.245.213.221

🇺🇸 149.255.39.70

🇸🇬 103.134.154.138

🇳🇴 87.120.104.75

🇻🇳 14.225.7.70

🇺🇸 207.90.244.2

🇪🇹 196.188.187.205

🇧🇷 186.248.195.11

🇺🇸 103.234.62.68

🇮🇪 65.52.75.227

🇫🇷 51.75.21.177

🇨🇳 203.212.9.248

🇺🇸 199.195.254.215

🇲🇿 197.219.210.94

🇬🇧 193.163.125.227

🇰🇿 185.233.3.95