JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.215.233.154

20.215.233.154 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.215.233.154

Whois 20.215.233.154

IP Abuse Reports for 20.215.233.154:

This IP address has been reported a total of 45 times from 27 distinct sources. 20.215.233.154 was first reported on June 20th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-23 21:59:38 (3 days ago)	Auto-ban: 201 malicious requests on 2026-06-22 (e.g., env/backup probes, brute-force, or error burst ... show more Auto-ban: 201 malicious requests on 2026-06-22 (e.g., env/backup probes, brute-force, or error bursts). show less	Web App Attack SSH Hacking
Anonymous	2026-06-23 09:28:37 (3 days ago)	Automatically blocked after 1 security event. Observed PHPUnit exploit probes. Source: Cloudflare se ... show more Automatically blocked after 1 security event. Observed PHPUnit exploit probes. Source: Cloudflare security controls. show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 08:54:32 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 04:54:26.742230 2026] [security2:error] [pid 2156:tid 2156] [client 20.215.233.154:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|chaitanyaconsult.in\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "chaitanyaconsult.in"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajpJwu2-eCHp7wfc7v00ZwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇰 ScamAware	2026-06-23 08:33:03 (3 days ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Web App Attack
🇩🇪 Vegascosmetics	2026-06-23 06:59:55 (3 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security	DDoS Attack Hacking Exploited Host
Anonymous	2026-06-23 05:18:19 (3 days ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 05:13:38 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 01:13:35.344755 2026] [security2:error] [pid 24655:tid 24655] [client 20.215.233.154:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|atlascoombs.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "atlascoombs.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajoV_44qvg84scdwyvSSVwAAAFw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 KiekerJan	2026-06-23 04:11:36 (4 days ago)	20.215.233.154 - - [23/Jun/2026:06:11:35 +0200] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" ... show more 20.215.233.154 - - [23/Jun/2026:06:11:35 +0200] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" 20.215.233.154 - - [23/Jun/2026:06:11:35 +0200] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" ... show less	Web App Attack
🇺🇸 Mundo Bueno	2026-06-23 02:17:47 (4 days ago)	[ISILIA Protection v2.1] Tentative d'accès: //vendor/phpunit/phpunit/phpunit.xsd \| Pays: PL \| UA: Mo ... show more [ISILIA Protection v2.1] Tentative d'accès: //vendor/phpunit/phpunit/phpunit.xsd \| Pays: PL \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 show less	Hacking Web App Attack
🇩🇪 maxpower	2026-06-23 02:11:16 (4 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.215.233.154 (PL/Poland/-): 2 in the l ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.215.233.154 (PL/Poland/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.215.233.154 - - [23/Jun/2026:04:10:46 +0200] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/2.0" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "20.215.233.154" host=masterlabvideoproduzioni.it 20.215.233.154 - - [23/Jun/2026:04:11:13 +0200] "GET /vendor/phpunit/phpunit/phpunit.xsd HTTP/2.0" 404 10807 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "20.215.233.154" host=www.masterlabvideoproduzioni.it show less	Port Scan
🇩🇪 maxpower	2026-06-23 01:00:44 (4 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.215.233.154 (PL/Poland/-): 2 in the l ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.215.233.154 (PL/Poland/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.215.233.154 - - [23/Jun/2026:03:00:37 +0200] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" 301 305 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "20.215.233.154" host=digiampaolo.it 20.215.233.154 - - [23/Jun/2026:03:00:38 +0200] "GET /vendor/phpunit/phpunit/phpunit.xsd HTTP/2.0" 500 711 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "20.215.233.154" host=digiampaolo.it show less	Port Scan
🇺🇸 Lezetho	2026-06-23 00:01:17 (4 days ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 23:49:10 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:49:07.149493 2026] [security2:error] [pid 10865:tid 10865] [client 20.215.233.154:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|colonybet.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "colonybet.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajnJ882LI9fQYFZIcQHpfwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 juutis	2026-06-22 23:12:02 (4 days ago)	Multiple WAF abuses - IP blocked	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 22:04:20 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.215.233.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:04:15.028308 2026] [security2:error] [pid 21326:tid 21326] [client 20.215.233.154:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|uwsvita.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "uwsvita.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajmxX4lefyLM6OaABB1DPAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 163.7.3.26

🇫🇮 147.185.133.240

🇰🇷 115.140.161.61

🇳🇱 89.21.67.184

🇫🇷 85.217.140.51

🇩🇪 69.5.169.181

🇳🇱 45.148.10.244

🇸🇪 45.84.107.174

🇺🇸 45.79.162.79

🇺🇸 20.83.170.244

🇩🇪 2001:4ca0:108:42:0:53:17:9

🇵🇰 202.63.202.165

🇧🇷 179.51.153.37

🇸🇪 155.4.244.107

🇺🇸 107.85.96.209

🇫🇷 85.217.140.47

🇳🇱 81.19.216.125

🇧🇬 79.124.56.146

🇳🇱 45.148.10.200

🇵🇭 158.62.75.47