JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.215.89.22

20.215.89.22 was found in our database!

This IP was reported 129 times. Confidence of Abuse is 65%: ?

65%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.215.89.22

Whois 20.215.89.22

IP Abuse Reports for 20.215.89.22:

This IP address has been reported a total of 129 times from 60 distinct sources. 20.215.89.22 was first reported on January 23rd 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 micropedro	2026-06-17 20:31:05 (2 days ago)	3 incidents: malicious activity. First: 2026-06-09 18:38, Last: 2026-06-17 16:31 UTC. Triggers: ufw- ... show more 3 incidents: malicious activity. First: 2026-06-09 18:38, Last: 2026-06-17 16:31 UTC. Triggers: ufw-repeater. show less	Port Scan
🇫🇮 payincog	2026-06-11 11:05:10 (1 week ago)	Date: Jun 11 13:22:42 2026 EAT \| Reported IP: 20.215.89.22 mod_security \| id: 932130 933135 933210 9 ... show more Date: Jun 11 13:22:42 2026 EAT \| Reported IP: 20.215.89.22 mod_security \| id: 932130 933135 933210 934100 934130 942550 949110 \| PL/pay.my_domain/- \| Connections: 1 \| Blocked: Permanent Block: [LF_MODSEC] \| Logs: ; Remote Command Execution: Unix Shell Expression Found; PHP Injection Attack: Variable Access Found; PHP Injection Attack: Variable Function Call Found; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; JavaScript Prototype Pollution; JavaScript Prototype Pollution; JavaScript Prototype Pollution; JSON-Based SQL Injection; Inbound Anomaly Score Exceeded (Total Score: 55); Remote Command Execution: Unix Shell Expression Found; PHP Injection Attack: Variable Access Found; PHP Injection Attack: Variable Function Call Found; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; Node.js Injection Attack 1/2; JavaScript Prototyp show less	SQL Injection Brute-Force Bad Web Bot
🇺🇸 micropedro	2026-06-10 19:30:53 (1 week ago)	3 incidents: malicious activity. First: 2026-05-27 13:31, Last: 2026-06-10 15:30 UTC. Triggers: ufw- ... show more 3 incidents: malicious activity. First: 2026-05-27 13:31, Last: 2026-06-10 15:30 UTC. Triggers: ufw-repeater. show less	Port Scan
🇩🇪 guldkage	2026-06-03 20:31:20 (2 weeks ago)	Unauthorized connection attempt detected from IP address 20.215.89.22 to port 6379 (ger-02) [REDIS]	Exploited Host
🇳🇱 ByeByte API	2026-06-03 20:29:05 (2 weeks ago)	Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 6379. Single burst at 202 ... show more Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 6379. Single burst at 2026-06-03 20:29 UTC. show less	Port Scan
🇳🇱 ByeByte API	2026-06-03 20:29:05 (2 weeks ago)	byebyte.space auth: TCP packet to port 6379 (Redis) at 2026-06-03T20:29:05Z. Source port 2944. TCP f ... show more byebyte.space auth: TCP packet to port 6379 (Redis) at 2026-06-03T20:29:05Z. Source port 2944. TCP flags: SYN. Packet: 60B, TTL 48, window 64240, IP id 25250. Single packet, dropped at firewall. p0f: OS Linux 2.2.x-3.x (generic match), 16 hops, link IPIP or SIT. show less	Port Scan
🇹🇷 Squearex	2026-06-03 20:25:59 (2 weeks ago)	Automated ban by SCUMUnified Shield. Honeypot Trap Triggered (Decoy Port 6379)	Brute-Force SSH
🇺🇸 micropedro	2026-06-03 18:31:18 (2 weeks ago)	3 incidents: malicious activity. First: 2026-05-27 13:31, Last: 2026-06-03 14:31 UTC. Triggers: ufw- ... show more 3 incidents: malicious activity. First: 2026-05-27 13:31, Last: 2026-06-03 14:31 UTC. Triggers: ufw-repeater. show less	Port Scan
Anonymous	2026-06-02 09:32:56 (2 weeks ago)	React.Server.Components.react-flight.Remote.Code.Execution	Exploited Host
🇩🇪 4server	2026-06-02 04:07:58 (2 weeks ago)	[TueJun0206:07:53.4840232026][security2:error][pid3746632:tid3746724][client20.215.89.22:0]ModSecuri ... show more [TueJun0206:07:53.4840232026][security2:error][pid3746632:tid3746724][client20.215.89.22:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${encodeuricomponent$string\(res$\)}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=$function\(${var_r=typeofrequire\!==undefined\?require:$process.mainmodule\?process.mainmodule.require.bind\(process.mainmodule$:$typeofglobalthis.require\!==undefined\?globalthis.require:null$\)return12899339148110000}\)throwobject.assign$newerror\(next_redirect${...\"][tag\"attack-rce\"][h show less	Port Scan Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-02 00:51:06 (2 weeks ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.215.89.22 (PL/Poland/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.215.89.22 (PL/Poland/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 gu-alvareza	2026-06-01 07:05:13 (2 weeks ago)	React.Server.Components.react-flight.Remote.Code.Execution	Hacking Web App Attack
🇺🇸 micropedro	2026-05-20 16:32:30 (4 weeks ago)	3 incidents: malicious activity. First: 2026-05-06 10:33, Last: 2026-05-20 12:32 UTC. Triggers: ufw- ... show more 3 incidents: malicious activity. First: 2026-05-06 10:33, Last: 2026-05-20 12:32 UTC. Triggers: ufw-repeater. show less	Port Scan
🇺🇸 micropedro	2026-05-20 16:32:30 (4 weeks ago)	4 incidents: malicious activity. First: 2026-05-13 11:30, Last: 2026-05-20 12:32 UTC. Triggers: ufw- ... show more 4 incidents: malicious activity. First: 2026-05-13 11:30, Last: 2026-05-20 12:32 UTC. Triggers: ufw-repeater. show less	Port Scan
🇺🇸 xmission.com	2026-05-19 14:16:05 (1 month ago)	Blocked by UFW (TCP on 6379) Source port: 10816 TTL: 36 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 6379) Source port: 10816 TTL: 36 Packet length: 60 TOS: 0x00 This report (for 20.215.89.22) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 129 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.47

🇧🇷 138.255.230.4

🇨🇦 85.217.149.71

🇺🇸 24.229.22.106

🇮🇳 2401:4900:8f67:6712:d307:db93:c305:6692

🇦🇺 203.185.198.246

🇲🇽 187.191.48.4

🇯🇵 156.227.232.198

🇺🇸 139.87.112.22

🇷🇴 92.118.39.213

🇵🇱 91.228.33.75

🇳🇱 91.92.40.41

🇭🇰 45.116.78.92

🇷🇺 45.91.64.6

🇨🇱 190.162.63.8

🇱🇹 185.170.254.87

🇸🇬 168.144.136.72

🇭🇰 119.28.49.103

🇩🇪 83.236.176.109

🇳🇱 77.83.39.14