JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.192.21.52

20.192.21.52 was found in our database!

This IP was reported 75 times. Confidence of Abuse is 35%: ?

35%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇮🇳 India
City	Pune, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.192.21.52

Whois 20.192.21.52

IP Abuse Reports for 20.192.21.52:

This IP address has been reported a total of 75 times from 44 distinct sources. 20.192.21.52 was first reported on March 26th 2025, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-05-25 04:58:13 (4 weeks ago)	tcp/60001 (2 or more attempts)	Port Scan
🇩🇪 Admins@FBN	2026-05-25 04:27:33 (4 weeks ago)	FW-PortScan: Traffic Blocked srcport=55840 dstport=60001	Port Scan
🇺🇸 MPL	2026-05-25 04:25:11 (4 weeks ago)	tcp/60001 (3 or more attempts)	Port Scan
🇩🇪 Justin F. \| AS204464	2026-05-25 03:29:14 (4 weeks ago)	Honeypot [nx-infrastructure]: HTTP/1.1 request on 60001 GET / User-Agent: Mozilla/5.0 (X11; Linux x ... show more Honeypot [nx-infrastructure]: HTTP/1.1 request on 60001 GET / User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36; 60001 [1] TCP Reported by: Justin F. show less	Hacking Bad Web Bot
🇯🇵 mkaraki	2026-05-25 03:29:13 (4 weeks ago)	1779679752 # Service_probe # SIGNATURE_SEND # source_ip:20.192.21.52 # dst_port:60001 ...	Port Scan
🇯🇵 demonsword	2026-05-14 05:17:38 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.jamuna.tv:443:443 show less	Open Proxy Port Scan
🇧🇪 sid3windr	2026-05-09 02:21:36 (1 month ago)	GET /.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇨🇳 ThreatBook.io	2026-05-07 22:11:11 (1 month ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/20.192.21.52 2026-05-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/20.192.21.52 2026-05-07 19:21:09 /.env show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 12:35:46 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 08:35:40.453823 2026] [security2:error] [pid 1733:tid 1733] [client 20.192.21.52:13888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.243"] [uri "/.env"] [unique_id "afyHHByYS2r_gfgl1CgAkQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-05-07 12:19:07 (1 month ago)	.env scanning [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 12:08:54 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 08:08:51.312795 2026] [security2:error] [pid 15954:tid 15954] [client 20.192.21.52:13888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.109"] [uri "/.env"] [unique_id "afyA00-neTpfey0sq-GmvwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 11:40:17 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 07:40:09.778673 2026] [security2:error] [pid 11477:tid 11477] [client 20.192.21.52:13888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.113"] [uri "/.env"] [unique_id "afx6GR8IGMUWjzHhdsQe6gAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 11:17:19 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 07:17:12.728069 2026] [security2:error] [pid 30532:tid 30532] [client 20.192.21.52:13888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.161"] [uri "/.env"] [unique_id "afx0uPM_VRydoMQr7AkCqgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 10:57:52 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.192.21.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 06:57:48.488650 2026] [security2:error] [pid 6110:tid 6110] [client 20.192.21.52:13888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.8"] [uri "/.env"] [unique_id "afxwLJH9UcItfs-E7ENBNAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 OceanTreasure	2026-05-07 10:55:07 (1 month ago)	tcp/80; Environment file access attempt: "GET /.env" @ 2026-05-07T10:52:26Z [proxy]	Web App Attack

Showing 1 to 15 of 75 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.14

🇨🇳 112.86.225.39

🇮🇩 103.172.20.218

🇧🇷 102.211.152.138

🇺🇸 96.78.175.36

🇳🇱 213.177.179.79

🇧🇷 205.210.31.210

🇱🇹 185.169.4.123

🇨🇳 116.21.160.12

🇪🇸 81.60.215.62

🇩🇪 69.5.169.44

🇨🇦 67.71.55.209

🇺🇸 66.175.239.44

🇪🇬 41.128.181.199

🇬🇧 35.203.210.13

🇺🇸 23.92.19.18

🇮🇱 129.159.152.145

🇮🇳 103.132.152.52

🇰🇪 102.210.149.236

🇦🇪 94.207.195.101