JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.6.106.54

20.6.106.54 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.6.106.54

Whois 20.6.106.54

IP Abuse Reports for 20.6.106.54:

This IP address has been reported a total of 22 times from 19 distinct sources. 20.6.106.54 was first reported on June 3rd 2026, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 TheCoon	2026-06-07 03:30:02 (21 hours ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-06 12:04:08 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.6.106.54 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.6.106.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:03:56.938709 2026] [security2:error] [pid 27679:tid 27679] [client 20.6.106.54:43134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "soleillavie.com"] [uri "/.env"] [unique_id "aiQMrIwGbQmaJ1xIkVmtWwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-06 11:06:35 (1 day ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇺🇸 itsnixk	2026-06-06 10:16:44 (1 day ago)	(mod_security) mod_security (id:920340) triggered by 20.6.106.54 (SG/Singapore/-): 1 in the last 360 ... show more (mod_security) mod_security (id:920340) triggered by 20.6.106.54 (SG/Singapore/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 06 06:16:39.460310 2026] [security2:error] [pid 2339662:tid 2339780] [client 20.6.106.54:56162] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "728"] [id "920340"] [msg "Content-Type header missing from request with non-zero Content-Length"] [severity "CRITICAL"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiPzh-bJFaeLh6Qu9iPyzAAAAHM"] show less	Port Scan
🇺🇸 Starburst SysOp Team	2026-06-06 00:13:34 (2 days ago)	Content-Type header missing from request with non-zero Content-Length. Operator EQ matched 0 at REQU ... show more Content-Type header missing from request with non-zero Content-Length. Operator EQ matched 0 at REQUEST_HEADERS. (920340-iad5-2) show less	Hacking
🇺🇸 SodaAudit.app	2026-06-05 17:45:17 (2 days ago)	[sodaaudit.app] Web app attack. Timestamp: 2026-06-05T15:46:23.000Z. 1 probe events, 1 distinct path ... show more [sodaaudit.app] Web app attack. Timestamp: 2026-06-05T15:46:23.000Z. 1 probe events, 1 distinct path(s). Paths (payload): /.env show less	Web App Attack
🇩🇪 ghostwarriors	2026-06-05 16:50:04 (2 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇦🇺 nzhost.co.nz	2026-06-05 15:10:50 (2 days ago)	$f2bV_matches	Hacking Brute-Force
🇺🇸 Epimetheus	2026-06-05 13:20:27 (2 days ago)	Unauthorized access attempts: [POST] /login/ [GET] /openid_connect/cpanelid UA: Go-http-client/1.1	Web App Attack
🇵🇱 sefinek.net	2026-06-05 09:15:31 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action: BLOCK \| Protocol: HTTP/1.1 (POST) \| Endpo ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action: BLOCK \| Protocol: HTTP/1.1 (POST) \| Endpoint: /login/ \| UA: Go-http-client/1.1 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 Blinker73	2026-06-04 19:36:01 (3 days ago)	2026-06-04T15:35 kernel: OUT= SRC=20.6.106.54 LEN=60 TOS=0x00 PREC=0x00 TTL=30 ID=51457 DF PRO ... show more 2026-06-04T15:35 kernel: OUT= SRC=20.6.106.54 LEN=60 TOS=0x00 PREC=0x00 TTL=30 ID=51457 DF PROTO=TCP SPT=54062 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-04T15:35 kernel: OUT= SRC=20.6.106.54 LEN=60 TOS=0x00 PREC=0x00 TTL=30 ID=51458 DF PROTO=TCP SPT=54062 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-04T15:36 kernel: OUT= SRC=20.6.106.54 LEN=60 TOS=0x00 PREC=0x00 TTL=30 ID=51459 DF PROTO=TCP SPT=54062 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP= show less	Port Scan
🇬🇧 PeravixGroup	2026-06-04 19:05:01 (3 days ago)	CSF brute force detection on cpanel	Brute-Force
🇮🇩 hermawan	2026-06-04 13:16:43 (3 days ago)	1780578995.965912 20.6.106.54 103.166.156.58 64240_2-4-8-1-3_1440_10 2026-06-04 20:16:35 WIB ...	Email Spam Hacking
🇺🇸 ISPLtd	2026-06-04 10:58:01 (3 days ago)	Jun 4 04:57:58 20.6.106.54 TCP SPT=51798 DPT=2087 SYN Jun 4 04:57:59 20.6.106.54 TCP SPT=51798 DPT ... show more Jun 4 04:57:58 20.6.106.54 TCP SPT=51798 DPT=2087 SYN Jun 4 04:57:59 20.6.106.54 TCP SPT=51798 DPT=2087 SYN Jun 4 04:58:00 20.6.106.54 TCP SPT=51798 DPT=2087 ... show less	Port Scan
🇺🇸 vertali	2026-06-04 10:11:36 (3 days ago)	CSF/LFD blocked 20.6.106.54 after LF_CPANEL on * (inout, perm=1, ttl=1s). Reason: (cpanel) Failed cP ... show more CSF/LFD blocked 20.6.106.54 after LF_CPANEL on * (inout, perm=1, ttl=1s). Reason: (cpanel) Failed cPanel login from 20.6.106.54 (SG/Singapore/-): 5 in the last 3600 secs. Evidence: [2026-06-04 05:11:32 -0500] info [whostmgrd] 20.6.106.54 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect show less	Brute-Force Web App Attack SSH

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.51

🇬🇧 192.248.150.180

🇨🇳 162.14.81.53

🇺🇸 129.153.145.135

🇺🇸 107.175.156.152

🇿🇦 102.129.56.145

🇭🇰 34.92.135.118

🇹🇷 5.181.87.35

🇨🇳 220.202.112.205

🇭🇰 199.45.154.182

🇸🇦 176.44.64.73

🇨🇳 115.191.10.40

🇨🇳 111.229.35.233

🇺🇸 104.243.43.19

🇺🇸 104.194.10.16

🇨🇳 101.201.101.120

🇪🇸 90.162.116.66

🇹🇷 88.255.189.50

🇧🇬 79.124.62.122

🇺🇸 47.251.254.233