JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.106.243

20.168.106.243 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.106.243

Whois 20.168.106.243

IP Abuse Reports for 20.168.106.243:

This IP address has been reported a total of 65 times from 49 distinct sources. 20.168.106.243 was first reported on January 21st 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Peregrine	2026-06-07 03:09:29 (3 days ago)	Fail2Ban Jail: tomcat-honeypot \| Evidence: - 20.168.106.243 - - [03/Jun/2026:00:13:57 -0300] "GET /. ... show more Fail2Ban Jail: tomcat-honeypot \| Evidence: - 20.168.106.243 - - [03/Jun/2026:00:13:57 -0300] "GET /.git/HEAD HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:01 -0300] "GET /.git/config HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:01 -0300] "GET /.env HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:03 -0300] "GET /.env.local HTTP/1.1" 404 414 show less	Bad Web Bot
🇧🇷 Peregrine	2026-06-05 03:10:13 (5 days ago)	Fail2Ban Jail: tomcat-honeypot \| Evidence: - 20.168.106.243 - - [03/Jun/2026:00:13:57 -0300] "GET /. ... show more Fail2Ban Jail: tomcat-honeypot \| Evidence: - 20.168.106.243 - - [03/Jun/2026:00:13:57 -0300] "GET /.git/HEAD HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:01 -0300] "GET /.git/config HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:01 -0300] "GET /.env HTTP/1.1" 404 414 - 20.168.106.243 - - [03/Jun/2026:00:14:03 -0300] "GET /.env.local HTTP/1.1" 404 414 show less	Bad Web Bot
Anonymous	2026-06-04 20:47:56 (6 days ago)	Portscan: TCP/80, TCP/2086, TCP/8443, TCP/2087, TCP/443, TCP/2083, TCP/8080, TCP/2082	Port Scan
🇮🇹 mediarama.com	2026-06-04 16:05:39 (6 days ago)	Banned by Fail2Ban	Bad Web Bot
🇸🇪 NordhTech	2026-06-04 14:15:09 (6 days ago)	More than 3 malicious connection attempts, trying port(s) 8080/tcp, then blocked from services ...	Port Scan Hacking
🇩🇪 Justin F. \| AS204464	2026-06-04 13:40:42 (6 days ago)	Honeypot [nx-infrastructure]: Empty payload (likely service probe); 2087 [4], 2082 [1], 2086 [1], 20 ... show more Honeypot [nx-infrastructure]: Empty payload (likely service probe); 2087 [4], 2082 [1], 2086 [1], 2083 [1] TCP Reported by: Justin F. show less	Port Scan
🇳🇱 tpjg	2026-06-04 12:59:44 (6 days ago)	Automated: 15 requests with error status in 120s window from 20.168.106.243. Evidence: /backup.sql:3 ... show more Automated: 15 requests with error status in 120s window from 20.168.106.243. Evidence: /backup.sql:301,/.htpasswd:301,/app/config/parameters.yml:301,/actuator/env:301,/server-status:301,/phpinfo.php:301,/config/database.yml:301,/.aws/credentials:301,/wp-config.php:301,/.env.save:301,/.env.backup:301,/.env.production:301,/.env.local:301,/.env:301,/.git/HEAD:301 show less	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 keep_out	2026-06-03 05:06:07 (1 week ago)	Probing\(5\) HTTP Ports ...	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:00:59 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.168.106.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.168.106.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:00:53.314047 2026] [security2:error] [pid 20185:tid 20185] [client 20.168.106.243:23260] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.227"] [uri "/.git/HEAD"] [unique_id "ah-1BXUJz0ipgWdLkTiq3AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 04:27:07 (1 week ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇩🇪 ghostwarriors	2026-06-03 04:20:14 (1 week ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 04:07:05 (1 week ago)	[03/Jun/2026:14:07:05 +1000] "GET /.git/HEAD HTTP/1.1" 301 279 "Mozilla/5.0 (X11; Linux x86_64; rv:1 ... show more [03/Jun/2026:14:07:05 +1000] "GET /.git/HEAD HTTP/1.1" 301 279 "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:38:08 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.168.106.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.168.106.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:38:04.579306 2026] [security2:error] [pid 26141:tid 26145] [client 20.168.106.243:23424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.24"] [uri "/.git/config"] [unique_id "ah-hnKgz3-2SMxVAzVnLNwAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 03:15:31 (1 week ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.241

🇵🇱 188.212.135.123

🇲🇾 49.124.153.64

🇦🇷 190.244.39.224

🇺🇸 162.216.149.242

🇮🇩 103.151.140.97

🇫🇷 51.178.198.251

🇧🇷 45.205.1.246

🇺🇸 8.231.249.128

🇷🇴 2.57.121.112

🇺🇸 216.25.89.94

🇺🇸 173.26.185.131

🇩🇪 167.94.146.39

🇳🇱 160.119.76.47

🇸🇪 155.4.244.107

🇫🇮 135.181.16.155

🇮🇳 103.75.32.1

🇩🇪 64.89.163.156

🇩🇪 57.129.69.65

🇬🇧 35.203.210.127