TPI-Abuse
2025-03-30 05:30:19
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 30 01:30:12.095121 2025] [security2:error] [pid 11538:tid 11538] [client 20.199.93.139:48064] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.ttlatl.dragoldio.com|F|4"] [data "grub-client"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ttlatl.dragoldio.com"] [uri "/"] [unique_id "Z-jW5P2SAi6dhcg2AmduYwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
backslash
2025-03-30 00:05:08
(2 weeks ago)
block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68
Bad Web Bot
Charlesiv
2025-03-23 23:05:58
(3 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from FR.
Action taken: BLOCK
ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
Protocol: HTTP/1.1 (GET method)
Endpoint: /
Timestamp: 2025-03-23T22:50:41Z
Ray ID: 92517d394e3e6f39
UA: Mozilla/5.0 (Linux; Android 4.2.2; WX10K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36
Bad Web Bot
Anonymous
2025-03-23 04:24:40
(3 weeks ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2025-03-23 00:50:08
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 20:50:02.353813 2025] [security2:error] [pid 3255240:tid 3255240] [client 20.199.93.139:51734] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||cbsproductionsinc.com|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cbsproductionsinc.com"] [uri "/"] [unique_id "Z99auij3mK7VCptlS7PszwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-03-22 19:40:58
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 15:40:53.688255 2025] [security2:error] [pid 19572:tid 19572] [client 20.199.93.139:44084] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aquascapes.net|F|4"] [data "EmailWolf"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aquascapes.net"] [uri "/floatmenu.js"] [unique_id "Z98SRb4QGlNmtmX4rX4f8wAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
VHosting
2025-03-22 17:21:12
(3 weeks ago)
Attempt from 20.199.93.139, reason: OverConnLimit
DDoS Attack
Bad Web Bot
TPI-Abuse
2025-03-22 14:50:54
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 10:50:49.966232 2025] [security2:error] [pid 636:tid 636] [client 20.199.93.139:36336] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||ecuablue.farm|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ecuablue.farm"] [uri "/vendor/modernizr-3.5.0.min.js"] [unique_id "Z97OSYWoT8B8PNrpYwXKNQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-03-22 14:34:02
(3 weeks ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2025-03-22 14:11:02
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 10:10:58.358876 2025] [security2:error] [pid 28090:tid 28090] [client 20.199.93.139:46786] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.4tee2stock.fynyx.com|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "4tee2stock.fynyx.com"] [uri "/bootstrap.min.js"] [unique_id "Z97E8siZZzFD1BL4fVjzBAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-03-22 13:02:37
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 09:02:29.510651 2025] [security2:error] [pid 17162:tid 17162] [client 20.199.93.139:52588] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||crescentcitycafe.net|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "crescentcitycafe.net"] [uri "/"] [unique_id "Z9605eF0UdkQ-MVnfQJYsQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
ThreatBook.io
2025-03-22 00:02:55
(4 weeks ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/20.199.93.139
2025-03-21 02:47:26 /
Web App Attack
VHosting
2025-03-21 13:55:49
(4 weeks ago)
Attempt from 20.199.93.139, reason: OverConnLimit
DDoS Attack
Bad Web Bot
TPI-Abuse
2025-03-21 01:25:48
(4 weeks ago)
(mod_security) mod_security (id:210831) triggered by 20.199.93.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 20 21:25:41.192903 2025] [security2:error] [pid 16714:tid 16714] [client 20.199.93.139:59646] [client 20.199.93.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||secureinitiatives.com|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "secureinitiatives.com"] [uri "/smoothscroll/smooth-scroll.js"] [unique_id "Z9zAFWDcwrUv6P3duqXAJQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
ThreatBook.io
2025-03-20 23:41:05
(4 weeks ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/20.199.93.139
2025-03-20 06:29:32 /
Web App Attack