JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.119.91

20.168.119.91 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 43%: ?

43%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.119.91

Whois 20.168.119.91

IP Abuse Reports for 20.168.119.91:

This IP address has been reported a total of 12 times from 10 distinct sources. 20.168.119.91 was first reported on March 21st 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-06-13 03:50:21 (2 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: cloudflare.com:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-06-03 06:52:26 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.168.119.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.168.119.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:52:18.753001 2026] [security2:error] [pid 1709:tid 1709] [client 20.168.119.91:33107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.27"] [uri "/.git/HEAD"] [unique_id "ah_PIhMrruoW4f4yCAZx6AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 05:46:42 (1 week ago)	tcp port scan (8 or more attempts)	Port Scan
🇩🇪 Stefan Dreher	2026-06-02 04:34:43 (1 week ago)	20.168.119.91 - - [02/Jun/2026:06:34:30 +0200] "GET /.git/config HTTP/1.1" 404 187 "-" "Mozilla/5.0 ... show more 20.168.119.91 - - [02/Jun/2026:06:34:30 +0200] "GET /.git/config HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.168.119.91 - - [02/Jun/2026:06:34:33 +0200] "GET /.env.local HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 20.168.119.91 - - [02/Jun/2026:06:34:36 +0200] "GET /.env.backup HTTP/1.1" 404 187 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.168.119.91 - - [02/Jun/2026:06:34:38 +0200] "GET /.env.save HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 20.168.119.91 - - [02/Jun/2026:06:34:42 +0200] "GET /.aws/credentials HTTP/1.1" 404 125 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-06-02 02:57:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.168.119.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.168.119.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 22:57:43.424383 2026] [security2:error] [pid 30027:tid 30047] [client 20.168.119.91:43682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.135"] [uri "/.git/config"] [unique_id "ah5Gp4icV9OdzGGzRyM8_gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-06-02 02:40:06 (1 week ago)	Suspicious Connection Attempts	Brute-Force
🇷🇸 Scan	2026-06-02 01:13:15 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-05-31 22:39:51 (2 weeks ago)	2026-05-31T23:39:49.900018+01:00 vps kernel: [42007359.479902] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-05-31T23:39:49.900018+01:00 vps kernel: [42007359.479902] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=20.168.119.91 DST=54.37.14.118 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=31824 DF PROTO=TCP SPT=21301 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
Anonymous	2026-05-31 21:56:15 (2 weeks ago)	20.168.119.91 - - [31/May/2026:21:56:11 +0000] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Mac ... show more 20.168.119.91 - - [31/May/2026:21:56:11 +0000] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" "-" 20.168.119.91 - - [31/May/2026:21:56:12 +0000] "GET /.git/config HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" "-" 20.168.119.91 - - [31/May/2026:21:56:12 +0000] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" "-" 20.168.119.91 - - [31/May/2026:21:56:13 +0000] "GET /.env.production HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" "-" 20.168.119.91 - - [31/May/2026:21:56:14 +0000] "GET /.env.backup HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" "-" ... show less	Port Scan Brute-Force
🇯🇵 SentinalX by uzumaru	2026-05-22 02:18:17 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: cloudflare.com:443 show less	Open Proxy Port Scan
🇺🇸 Rayulcifer	2026-04-27 21:39:40 (1 month ago)	20.168.119.91 - - [27/Apr/2026:16:39:39 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 874 "-" "axi ... show more 20.168.119.91 - - [27/Apr/2026:16:39:39 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 874 "-" "axios/1.14.0" 20.168.119.91 - - [27/Apr/2026:16:39:39 -0500] "GET http://httpbin.org/get HTTP/1.1" 200 874 "-" "axios/1.14.0" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇩🇪 frej	2026-03-21 02:28:15 (2 months ago)	Brute force login attempt. Auto-banned after repeated failed authentication.	Brute-Force

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 178.128.51.84

🇯🇵 101.36.105.50

🇬🇧 35.177.218.207

🇮🇳 124.253.119.57

🇸🇬 103.189.234.244

🇦🇪 94.202.213.69

🇨🇦 85.217.149.72

🇱🇹 81.30.98.225

🇮🇳 59.179.31.237

🇨🇱 34.176.210.25

🇿🇦 102.217.109.187

🇺🇸 57.141.20.49

🇩🇪 45.86.202.102

🇮🇳 34.131.130.74

🇺🇸 34.48.250.114

🇩🇪 31.70.70.17

🇳🇱 31.14.32.4

🇧🇷 177.141.167.170

🇸🇪 162.158.182.159

🇰🇷 124.61.210.150