🇲🇾
Rizzy
2024-04-03 07:54:37
(2 years ago)
Multiple WAF Violations
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2024-04-03 03:55:52
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 23:55:44.695013 2024] [security2:error] [pid 17429] [client 20.171.155.136:4797] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||springmeadowventures.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "springmeadowventures.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZgzTQMFd0mLaxLhVdfZm3QAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-04-03 01:57:06
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 21:57:03.263252 2024] [security2:error] [pid 20348] [client 20.171.155.136:3877] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||zoesaadeh.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "zoesaadeh.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zgy3b4Fn3ccirN3aVCUZYQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇿🇦
James Frasier
2024-04-02 21:52:00
(2 years ago)
/wp-admin/css/colors/blue/CasperExV1.php
0z.php
wp-admin/users.php
More than 40 attack items
Web Spam
Email Spam
Blog Spam
Port Scan
Hacking
SQL Injection
Brute-Force
Bad Web Bot
Exploited Host
🇺🇦
URAN Publishing Service
2024-04-02 18:39:47
(2 years ago)
20.171.155.136 - - [02/Apr/2024:21:39:47 +0300] "GET /wp-admin/css/colors/blue/CasperExV1.php HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95"
...
Web App Attack
🇺🇸
TPI-Abuse
2024-04-02 17:11:22
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 13:11:19.219497 2024] [security2:error] [pid 14506] [client 20.171.155.136:3938] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ewebiz.net|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ewebiz.net"] [uri "/site/default/settings.php.BAK"] [unique_id "Zgw8NwiIeqqsutJXsgOodAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇨🇦
Mediashaker
2024-04-02 16:36:20
(2 years ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.171.155.136 (US/United States/-)
Port Scan
🇺🇸
TPI-Abuse
2024-04-02 16:34:09
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 12:34:02.321422 2024] [security2:error] [pid 2337] [client 20.171.155.136:1995] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||starvationacres.us|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "starvationacres.us"] [uri "/site/default/settings.php.BAK"] [unique_id "Zgwzeo-gpI1JWp0s2SsfMAAAACs"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Ba-Yu
2024-04-02 16:26:11
(2 years ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
Anonymous
2024-04-02 08:20:28
(2 years ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
🇺🇸
TPI-Abuse
2024-04-02 07:58:17
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 03:58:12.969403 2024] [security2:error] [pid 25196] [client 20.171.155.136:1694] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pamelalambert.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pamelalambert.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zgu6lHntFFGomXP-hEt_8gAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇦
URAN Publishing Service
2024-04-02 07:15:25
(2 years ago)
20.171.155.136 - - [02/Apr/2024:10:15:21 +0300] "GET /wp-admin/css/colors/blue/CasperExV1.php HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
...
Web App Attack
🇺🇸
bigscoots.com
2024-04-02 06:27:43
(2 years ago)
(PERMBLOCK) 20.171.155.136 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: 1; Trigger: LF_PERMBLOCK_COUNT; Logs:
Brute-Force
SSH
🇫🇮
Christopher Hughes
2024-04-02 06:18:19
(2 years ago)
[Tue Apr 02 07:18:17.107241 2024] [proxy_fcgi:error] [pid 1141113:tid 140298478917184] [client 20.171.155.136:2104] AH01071: Got error 'Primary script unknown'
[Tue Apr 02 07:18:17.272868 2024] [proxy_fcgi:error] [pid 1141113:tid 140297816221248] [client 20.171.155.136:2104] AH01071: Got error 'Primary script unknown'
[Tue Apr 02 07:18:17.770942 2024] [proxy_fcgi:error] [pid 1141113:tid 140298084656704] [client 20.171.155.136:2104] AH01071: Got error 'Primary script unknown'
[Tue Apr 02 07:18:17.936760 2024] [proxy_fcgi:error] [pid 1141113:tid 140298504095296] [client 20.171.155.136:2104] AH01071: Got error 'Primary script unknown'
[Tue Apr 02 07:18:18.102362 2024] [proxy_fcgi:error] [pid 1141113:tid 140298529273408] [client 20.171.155.136:2104] AH01071: Got error 'Primary script unknown'
...
Web App Attack
🇺🇸
TPI-Abuse
2024-04-02 06:09:46
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 20.171.155.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 02 02:09:42.344613 2024] [security2:error] [pid 15275] [client 20.171.155.136:2238] [client 20.171.155.136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crescentcitycafe.org|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crescentcitycafe.org"] [uri "/site/default/settings.php.BAK"] [unique_id "ZguhJsWu8pNOKnCA_nxAyQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack