JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 68.220.58.243

68.220.58.243 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 99%: ?

99%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 68.220.58.243

Whois 68.220.58.243

IP Abuse Reports for 68.220.58.243:

This IP address has been reported a total of 29 times from 25 distinct sources. 68.220.58.243 was first reported on January 10th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 wlt-blocker	2026-06-15 05:52:19 (5 days ago)	Unauthorized access to webpage admin	Web App Attack
🇩🇪 dispaisyenterprises	2026-06-15 04:03:48 (5 days ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2086 [3], 2078 [1], 2087 [1], 2096 ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2086 [3], 2078 [1], 2087 [1], 2096 [1], 2095 [1], 2077 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 03:08:14 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:08:09.571594 2026] [security2:error] [pid 17439:tid 17439] [client 68.220.58.243:36230] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.186"] [uri "/.env"] [unique_id "ai9smaLxNfSocQ9w8P7wnAAAACw"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-15 01:34:59 (6 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-15 01:27:55 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 21:27:52.123232 2026] [security2:error] [pid 21431:tid 21459] [client 68.220.58.243:35470] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.127"] [uri "/.git/config"] [unique_id "ai9VGOOFffrT3dgPM6rnSAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 01:20:50 (6 days ago)	Portscan: TCP/2078, TCP/2086, TCP/2077, TCP/80, TCP/443, TCP/2082, TCP/2087	Port Scan
Anonymous	2026-06-15 00:43:29 (6 days ago)	Honeypot hit: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1], 2077 [1], 2096 [1] ... show more Honeypot hit: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1], 2077 [1], 2096 [1], 2078 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇫🇷 ✨	2026-06-15 00:38:09 (6 days ago)	Domain : www54.verysecuresites.net Rule : env 2026-06-15 00:36:38 W3SVC175 PLESK76 217.194.212.113 G ... show more Domain : www54.verysecuresites.net Rule : env 2026-06-15 00:36:38 W3SVC175 PLESK76 217.194.212.113 GET /.env - 80 - 68.220.58.243 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 - - 217.194.212.113 404 0 2 9037 212 656 - - show less	Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-14 16:20:57 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 68.220.58.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 12:20:51.042791 2026] [security2:error] [pid 4933:tid 4933] [client 68.220.58.243:62517] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.241"] [uri "/.git/HEAD"] [unique_id "ai7U4571Yc5a682vM33tbgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-06-14 13:57:37 (6 days ago)	Honeypot hit: Empty payload (likely service probe); 2078 [1], 2086 [1], 2082 [1], 2096 [1], 2077 [1] ... show more Honeypot hit: Empty payload (likely service probe); 2078 [1], 2086 [1], 2082 [1], 2096 [1], 2077 [1], 2083 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇩🇪 Admins@FBN	2026-06-14 13:51:10 (6 days ago)	FW-PortScan: Traffic Blocked srcport=62231 dstport=2086	Port Scan
🇺🇸 MPL	2026-06-14 12:01:45 (6 days ago)	tcp port scan (20 or more attempts)	Port Scan
🇩🇪 dispaisyenterprises	2026-06-14 11:51:47 (6 days ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2082 [1], 2078 [1], 2086 [1], 2095 ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2082 [1], 2078 [1], 2086 [1], 2095 [1], 2096 [1], 2077 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇧🇷 ludarkstar99	2026-06-14 11:20:07 (6 days ago)	Blocked by os-abuseipdb; 20 hits, proto=tcp, ports=2077,2078,2082,2083,2086,2087,2095,2096,443,80	Port Scan Hacking
🇫🇮 Ticlem	2026-06-13 11:13:26 (1 week ago)	2026-06-13T13:13:24.547266+02:00 clement-turlure kernel: [2355381.703087] [UFW BLOCK] IN=enp0s31f6 O ... show more 2026-06-13T13:13:24.547266+02:00 clement-turlure kernel: [2355381.703087] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=68.220.58.243 DST=95.216.21.136 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=1 DF PROTO=TCP SPT=32792 DPT=8880 WINDOW=0 RES=0x00 ACK RST URGP=0 2026-06-13T13:13:25.176363+02:00 clement-turlure kernel: [2355382.332226] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=68.220.58.243 DST=95.216.21.136 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=1 DF PROTO=TCP SPT=32792 DPT=3000 WINDOW=0 RES=0x00 ACK RST URGP=0 2026-06-13T13:13:25.639589+02:00 clement-turlure kernel: [2355382.795301] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=68.220.58.243 DST=95.216.21.136 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=1 DF PROTO=TCP SPT=32792 DPT=8888 WINDOW=0 RES=0x00 ACK RST URGP=0 ... show less	Port Scan

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.129

🇹🇭 203.154.14.18

🇺🇸 170.39.224.220

🇧🇷 168.197.39.127

🇺🇸 165.22.178.62

🇺🇸 162.216.150.161

🇫🇮 147.185.133.60

🇨🇳 120.209.33.24

🇺🇸 109.105.210.54

🇸🇬 85.203.21.213

🇩🇪 47.245.139.32

🇨🇳 39.106.23.166

🇮🇳 34.93.128.179

🇨🇳 222.84.254.71

🇯🇵 210.166.53.221

🇳🇱 185.226.197.39

🇳🇱 185.226.197.37

🇷🇺 178.176.229.202

🇫🇷 173.249.52.138

🇨🇦 165.227.46.85