AbuseIPDB » 20.171.207.31

20.171.207.31 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 78%: ?

78%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 20.171.207.31

Whois 20.171.207.31

IP Abuse Reports for 20.171.207.31:

This IP address has been reported a total of 65 times from 32 distinct sources. 20.171.207.31 was first reported on November 13th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Roderic	2025-03-19 23:20:08 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
TPI-Abuse	2025-03-19 12:26:05 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 19 08:26:00.501443 2025] [security2:error] [pid 31551:tid 31551] [client 20.171.207.31:42934] [client 20.171.207.31] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.cameronsol.com|F|2"] [data ".camerongunsmith.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.cameronsol.com"] [uri "/www.camerongunsmith.com"] [unique_id "Z9q32LEizzYZP4-K9DVvnQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-03-16 16:39:28 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 16 12:39:25.544584 2025] [security2:error] [pid 24751:tid 24751] [client 20.171.207.31:36002] [client 20.171.207.31] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.martinez-morera.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.martinez-morera.com"] [uri "/ServiciosParticulares/[email protected]"] [unique_id "Z9b-vZx5hdatlFbDT7ad_AAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Rocky Mountain Bioengineering Symposium	2025-03-15 23:46:54 (6 days ago)	[Sat Mar 15 17:45:42.264207 2025] [authz_core:error] [pid 84556:tid 140320163255872] [client 20.171. ... show more[Sat Mar 15 17:45:42.264207 2025] [authz_core:error] [pid 84556:tid 140320163255872] [client 20.171.207.31:36890] AH01630: client denied by server configuration: /var/www/public_html/journal/index.php [Sat Mar 15 17:45:42.267902 2025] [authz_core:error] [pid 84556:tid 140320163255872] [client 20.171.207.31:36890] AH01630: client denied by server configuration: /var/www/public_rsrc/assets/RMBS-Server-Error.html [Sat Mar 15 17:46:54.413727 2025] [authz_core:error] [pid 84291:tid 140319995401792] [client 20.171.207.31:54148] AH01630: client denied by server configuration: /var/www/public_html/journal/index.php ... show less	Bad Web Bot
TPI-Abuse	2025-03-15 20:43:17 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 15 16:43:10.439086 2025] [security2:error] [pid 22300:tid 22300] [client 20.171.207.31:56442] [client 20.171.207.31] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.konahawaiihandyman.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.konahawaiihandyman.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z9XmXiF1uR2fbUBCG6MpwgAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-03-14 11:36:19 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 20.171.207.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 14 07:36:11.601133 2025] [security2:error] [pid 31677:tid 31677] [client 20.171.207.31:41200] [client 20.171.207.31] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dennisangellismusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dennisangellismusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z9QUqwPBXuEanIVX3HPUFQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
LotPhantom	2025-03-13 10:48:38 (1 week ago)	20.171.207.31 - - [13/Mar/2025:10:47:38 +0000] "GET / HTTP/2.0" 404 34 "-" "Mozilla/5.0 AppleWebKit/ ... show more20.171.207.31 - - [13/Mar/2025:10:47:38 +0000] "GET / HTTP/2.0" 404 34 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" "0" ... show less	Bad Web Bot Web App Attack
Anonymous	2025-03-12 01:14:18 (1 week ago)	Excessive crawling/scraping	Hacking Brute-Force
bescared	2025-03-12 00:56:00 (1 week ago)		Bad Web Bot
cmbplf	2025-03-07 05:01:43 (2 weeks ago)	3.846 requests from abuseipdb.com blacklisted IP (9mos4w2d)	Brute-Force Bad Web Bot
mga.icgbio.ru	2025-03-06 04:41:42 (2 weeks ago)	20.171.207.31 - - [06/Mar/2025:11:41:29 +0700] "GET /~yurii/courses/ge02-2007.temporary.hide/exercis ... show more20.171.207.31 - - [06/Mar/2025:11:41:29 +0700] "GET /~yurii/courses/ge02-2007.temporary.hide/exercises-hyptest.html HTTP/1.1" 404 196 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" 20.171.207.31 - - [06/Mar/2025:11:41:41 +0700] "GET /~yurii/courses/ge02-2007.temporary.hide/exercises-binomdis.html HTTP/1.1" 404 196 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" ... show less	Web App Attack
mga.icgbio.ru	2025-03-05 15:05:13 (2 weeks ago)	20.171.207.31 - - [05/Mar/2025:22:04:39 +0700] "GET /soft/index.htm HTTP/1.1" 404 196 "-" "Mozilla/5 ... show more20.171.207.31 - - [05/Mar/2025:22:04:39 +0700] "GET /soft/index.htm HTTP/1.1" 404 196 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" 20.171.207.31 - - [05/Mar/2025:22:05:12 +0700] "GET /papers/cbac25901.pdf HTTP/1.1" 404 196 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" ... show less	Web App Attack
exxos	2025-03-05 07:47:42 (2 weeks ago)	Attacks with Bad user agents	Hacking
conseilgouz	2025-03-03 11:58:26 (2 weeks ago)	saw-(visforms) : try to access forms...	Hacking
exxos	2025-03-03 07:53:54 (2 weeks ago)	Attacks with Bad user agents	Hacking

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩