JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.109.193

20.168.109.193 was found in our database!

This IP was reported 69 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.109.193

Whois 20.168.109.193

IP Abuse Reports for 20.168.109.193:

This IP address has been reported a total of 69 times from 61 distinct sources. 20.168.109.193 was first reported on January 8th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 eber965	2026-06-02 19:53:45 (1 day ago)	[Tue Jun 02 15:53:40 2026] [authz_core:error] [pid 290144:tid 140065897010944] [client 20.168.109.19 ... show more [Tue Jun 02 15:53:40 2026] [authz_core:error] [pid 290144:tid 140065897010944] [client 20.168.109.193:57817] AH01630: client denied by server configuration: /var/www/html/.git [Tue Jun 02 15:53:41 2026] [authz_core:error] [pid 290144:tid 140065871832832] [client 20.168.109.193:58183] AH01630: client denied by server configuration: /var/www/html/.env [Tue Jun 02 15:53:42 2026] [authz_core:error] [pid 178411:tid 140064554202880] [client 20.168.109.193:57799] AH01630: client denied by server configuration: /var/www/html/.env.local [Tue Jun 02 15:53:43 2026] [authz_core:error] [pid 290144:tid 140064520664832] [client 20.168.109.193:57831] AH01630: client denied by server configuration: /var/www/html/.env.backup [Tue Jun 02 15:53:44 2026] [authz_core:error] [pid 178251:tid 140064587773696] [client 20.168.109.193:57814] AH01630: client denied by server configuration: /var/www/html/.env.save ... show less	Brute-Force
Anonymous	2026-06-02 19:07:13 (1 day ago)	20.168.109.193 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 600 ... show more 20.168.109.193 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: [2026-06-02 13:03:04 -0600] info [whostmgrd] 20.168.109.193 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 13:03:08 -0600] info [whostmgrd] 20.84.47.42 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 13:02:51 -0600] info [whostmgrd] 20.84.47.42 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 13:03:43 -0600] info [whostmgrd] 20.168.109.193 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 13:07:10 -0600] info [whostmgrd] 20.168.110.19 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect IP Addresses Blocked: show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 18:35:48 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.168.109.193 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.168.109.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:35:42.542011 2026] [security2:error] [pid 11349:tid 11349] [client 20.168.109.193:57958] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.12"] [uri "/.git/config"] [unique_id "ah8ifp1TPo41Keo4NmG0egAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 micropedro	2026-06-02 18:10:10 (1 day ago)	3 incidents: web scanning/attack, port scanning. First: 2026-06-02 14:10, Last: 2026-06-02 14:10 UTC ... show more 3 incidents: web scanning/attack, port scanning. First: 2026-06-02 14:10, Last: 2026-06-02 14:10 UTC. Triggers: ufw-repeater,firewall-http,firewall-tcp. show less	Port Scan Web App Attack
🇨🇭 flaus	2026-06-02 17:21:22 (1 day ago)	$f2bV_matches	Hacking Bad Web Bot Web App Attack
🇩🇪 ecs.ge	2026-06-02 17:09:17 (1 day ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇺🇸 OceanTreasure	2026-06-02 17:05:08 (1 day ago)	tcp/80; AWS dotfile access attempt: "GET /.aws/credentials" @ 2026-06-02T17:04:32Z [azure]	Web App Attack
🇳🇱 Yachiyo Runami	2026-06-02 17:04:26 (1 day ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 46 \| ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 46 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-02T17:04:26Z show less	Port Scan Hacking
🇺🇸 kosada.com	2026-06-02 17:01:53 (1 day ago)	Web vulnerability probing: /backup.sql (bogus vhost/SNI)	Web App Attack
🇬🇧 PeravixGroup	2026-06-02 17:00:39 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 MPL	2026-06-02 16:59:10 (1 day ago)	tcp port scan (4 or more attempts)	Port Scan
🇸🇪 donarev419	2026-06-01 02:15:12 (3 days ago)	Port scan detected on port 2086 (connection without data transfer)	Port Scan
🇸🇪 donarev419	2026-06-01 01:46:41 (3 days ago)	Port scan detected on port 2082 (connection without data transfer)	Port Scan
🇺🇸 drewf.ink	2026-06-01 01:37:28 (3 days ago)	[01:37] Port scanning. Port(s) scanned: TCP/2083, TCP/2082, TCP/8443	Port Scan
🇺🇸 LotPhantom	2026-05-31 22:16:04 (3 days ago)	2026-05-31T22:16:03.791768+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-05-31T22:16:03.791768+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.168.109.193 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=48340 DF PROTO=TCP SPT=32832 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 2026-05-31T22:16:03.791787+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.168.109.193 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=35654 DF PROTO=TCP SPT=32832 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking

Showing 16 to 30 of 69 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 165.154.227.158

🇺🇸 147.185.132.182

🇻🇳 125.253.121.228

🇨🇳 115.191.32.57

🇫🇷 84.17.43.213

🇹🇼 61.222.211.114

🇺🇸 54.226.19.40

🇺🇸 156.239.253.250

🇺🇸 54.173.97.168

🇳🇱 45.148.10.152

🇬🇧 35.203.211.209

🇳🇱 31.56.209.8

🇺🇸 12.154.188.42

🇺🇸 216.59.173.21

🇩🇪 185.220.101.146

🇬🇧 185.65.238.250

🇧🇷 172.71.235.95

🇩🇪 165.22.82.165

🇺🇸 162.216.149.142

🇺🇸 147.185.132.103