🇯🇵
demonsword
2026-06-06 10:12:44
(2 weeks ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: icanhazip.com:443
Open Proxy
Port Scan
🇬🇧
PeravixGroup
2026-06-03 07:58:51
(3 weeks ago)
Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud
Port Scan
Bad Web Bot
🇺🇸
TPI-Abuse
2026-06-03 07:52:52
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 20.189.181.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:52:45.435140 2026] [security2:error] [pid 13397:tid 13397] [client 20.189.181.65:12657] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.243"] [uri "/.git/HEAD"] [unique_id "ah_dTcFNhwk6xcOa5SErwwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-03 07:01:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 20.189.181.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:00:59.178022 2026] [security2:error] [pid 17241:tid 17241] [client 20.189.181.65:12685] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.217"] [uri "/.git/HEAD"] [unique_id "ah_RK2MtOp2rAZbMyXlarAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
SSP
2026-06-03 06:50:01
(3 weeks ago)
Automatic report from iptables firewall - detected malicious activity
DDoS Attack
Brute-Force
SSH
Web App Attack
Port Scan
Hacking
🇺🇸
technojoe99
2026-06-03 05:59:41
(3 weeks ago)
Exploit scan from 20.189.181.65. GET /.git/HEAD HTTP/1.1.
Web App Attack
🇹🇷
Threat.live
2026-06-03 05:50:04
(3 weeks ago)
Suspicious Connection Attempts
Brute-Force
🇺🇸
wteiken
2026-06-03 05:43:07
(3 weeks ago)
rocinante.teiken.net:443 20.189.181.65:12302 - - [03/Jun/2026:01:42:50 -0400] "GET /.git/HEAD HTTP/1.1" 404 4198 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
rocinante.teiken.net:443 20.189.181.65:12340 - - [03/Jun/2026:01:42:54 -0400] "GET /.env HTTP/1.1" 404 4197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
rocinante.teiken.net:80 20.189.181.65:12336 - - [03/Jun/2026:01:42:56 -0400] "GET /.env.local HTTP/1.1" 301 591 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
rocinante.teiken.net:443 20.189.181.65:12301 - - [03/Jun/2026:01:42:57 -0400] "GET /.env.production HTTP/1.1" 404 4196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
rocinante.teiken.net:443 20.189.181.65:12325 - - [03/Jun/2026:01:42:58 -0400
...
Web App Attack
🇺🇸
TPI-Abuse
2026-06-03 05:19:41
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 20.189.181.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:19:35.636906 2026] [security2:error] [pid 30864:tid 30864] [client 20.189.181.65:13256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.113"] [uri "/.git/config"] [unique_id "ah-5Z77hYW-ww26NTpOnnAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
MPL
2026-06-03 04:55:27
(3 weeks ago)
tcp port scan (7 or more attempts)
Port Scan
Anonymous
2026-06-03 04:16:21
(3 weeks ago)
20.189.181.65 - - [03/Jun/2026:04:16:12 +0000] "GET /.git/HEAD HTTP/1.1" 404 4076 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
20.189.181.65 - - [03/Jun/2026:04:16:13 +0000] "GET /.git/config HTTP/1.1" 404 4079 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-"
20.189.181.65 - - [03/Jun/2026:04:16:15 +0000] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" "-"
20.189.181.65 - - [03/Jun/2026:04:16:20 +0000] "GET /.env.production HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "-"
20.189.181.65 - - [03/Jun/2026:04:16:20 +0000] "GET /.env.backup HTTP/1.1" 404 4077 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" "-"
...
Port Scan
Brute-Force
🇫🇷
dynamix
2026-06-03 04:05:37
(3 weeks ago)
Multiple WAF Violations
Web App Attack
🇺🇸
RAP
2026-06-03 03:54:03
(3 weeks ago)
2026-06-03 03:54:03 UTC Unauthorized activity to TCP port 8080. Web App
Port Scan
Web App Attack
Anonymous
2026-06-03 03:51:11
(3 weeks ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
🇮🇪
AutosOnShow
2026-06-03 03:21:05
(3 weeks ago)
blocked for webapp attack | path requested: /.env | seen at 2026-06-03 03:20:06.973 |
Web App Attack