JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.199.136.111

20.199.136.111 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.199.136.111

Whois 20.199.136.111

IP Abuse Reports for 20.199.136.111:

This IP address has been reported a total of 52 times from 35 distinct sources. 20.199.136.111 was first reported on June 21st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 ycoskun41	2026-06-22 14:04:44 (1 day ago)	fail2ban: plesk-modsecurity jail on genckocaeli.com	Web App Attack
🇩🇪 FeG Deutschland	2026-06-22 13:57:15 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇳🇱 Site.eu	2026-06-22 13:53:38 (1 day ago)	Excessive multi-domain requests	Brute-Force
🇺🇦 URAN Publishing Service	2026-06-22 13:16:15 (1 day ago)	20.199.136.111 - - [22/Jun/2026:16:16:12 +0300] "GET /api/.env HTTP/1.1" 404 273 "-" "Go-http-client ... show more 20.199.136.111 - - [22/Jun/2026:16:16:12 +0300] "GET /api/.env HTTP/1.1" 404 273 "-" "Go-http-client/1.1" ... show less	Web App Attack
Anonymous	2026-06-22 13:12:14 (1 day ago)	Honeytrap	Web App Attack Hacking
🇬🇧 WebNiraj	2026-06-22 11:07:34 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 20.199.136.111 (CH/Switzerland/-): 5 in the las ... show more (mod_security) mod_security (id:949110) triggered by 20.199.136.111 (CH/Switzerland/-): 5 in the last 3600 secs [SIGMA] show less	Brute-Force
🇺🇦 URAN Publishing Service	2026-06-22 10:11:33 (1 day ago)	20.199.136.111 - - [22/Jun/2026:13:11:24 +0300] "GET /api/.env HTTP/1.1" 404 273 "-" "Go-http-client ... show more 20.199.136.111 - - [22/Jun/2026:13:11:24 +0300] "GET /api/.env HTTP/1.1" 404 273 "-" "Go-http-client/1.1" 20.199.136.111 - - [22/Jun/2026:13:11:30 +0300] "GET /apps/.env HTTP/1.1" 404 4215 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇭🇺 DumaNet	2026-06-22 10:03:00 (1 day ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 22. 04:42:52 Source IP: 20.199 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 22. 04:42:52 Source IP: 20.199.136.111 Portion of the log(s): 20.199.136.111 - [22/Jun/2026:04:42:51 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:49 +0200] "GET /.env.prod HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:47 +0200] "GET /.env.old HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:45 +0200] "GET /.env.local HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:43 +0200] "GET /.env.live HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:42 +0200] "GET /.env.dev HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:40 +0200] "GET /.env.config HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026:04:42:36 +0200] "GET /.env.backup HTTP/1.1" 404 153 "-" "Go-http-client/2.0" 20.199.136.111 - [22/Jun/2026 show less	Web App Attack
🇦🇺 rubixstudios	2026-06-22 09:01:02 (1 day ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
🇨🇿 ptlab	2026-06-22 08:45:03 (1 day ago)	Detected env_leak attack from WP-host.	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 08:20:09 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 20.199.136.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.199.136.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 04:20:05.761065 2026] [security2:error] [pid 11399:tid 11399] [client 20.199.136.111:38570] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.cybersoftware.org\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.cybersoftware.org"] [uri "/s3cmd.ini"] [unique_id "ajjwNfgfuOmtyTaG72wcAgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-22 08:14:42 (1 day ago)	20.199.136.111 - - [22/Jun/2026:11:14:40 +0300] "GET /.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1 ... show more 20.199.136.111 - - [22/Jun/2026:11:14:40 +0300] "GET /.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇳🇱 Savvii	2026-06-22 08:06:24 (1 day ago)	20 attempts against mh-misbehave-ban on kale	Brute-Force Bad Web Bot Web App Attack
🇫🇮 albionfreemarket.com	2026-06-22 08:06:22 (1 day ago)	20.199.136.111 - - [22/Jun/2026:08:06:18 +0000] "GET /_profiler/phpinfo.php HTTP/2.0" 403 153 "-" "G ... show more 20.199.136.111 - - [22/Jun/2026:08:06:18 +0000] "GET /_profiler/phpinfo.php HTTP/2.0" 403 153 "-" "Go-http-client/2.0" 0.000 "-" "CH" 20.199.136.111 - - [22/Jun/2026:08:06:20 +0000] "GET /phpinfo.php HTTP/2.0" 403 153 "-" "Go-http-client/2.0" 0.000 "-" "CH" ... show less	Bad Web Bot Web App Attack
🇨🇭 zynex	2026-06-22 07:54:51 (1 day ago)	URL Probing: /.env	Web App Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.254

🇪🇸 196.196.150.5

🇷🇴 193.32.162.84

🇳🇱 176.65.139.250

🇺🇸 173.197.14.231

🇨🇳 171.8.85.244

🇺🇸 162.243.147.237

🇺🇸 143.42.1.34

🇨🇳 124.221.11.123

🇨🇳 121.26.29.66

🇧🇬 78.128.113.74

🇸🇬 74.63.20.246

🇺🇸 71.6.134.233

🇩🇪 69.5.169.28

🇺🇸 64.62.156.191

🇧🇷 45.162.115.195

🇺🇸 44.203.143.171

🇺🇸 44.202.42.36

🇻🇳 14.191.44.102

🇹🇼 1.34.161.179