JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.228.89.44

20.228.89.44 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Hostname(s)	aztswgx4x2if.t.stretchoid.com
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.228.89.44

Whois 20.228.89.44

IP Abuse Reports for 20.228.89.44:

This IP address has been reported a total of 31 times from 29 distinct sources. 20.228.89.44 was first reported on June 9th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 JCB	2026-06-11 08:05:00 (4 days ago)	20.228.89.44 - - [10/Jun/2026:23:21:27 +0300] "GET /mcp HTTP/1.1" 404 196 "-" "Mozilla/5.0 zgrab/0.x ... show more 20.228.89.44 - - [10/Jun/2026:23:21:27 +0300] "GET /mcp HTTP/1.1" 404 196 "-" "Mozilla/5.0 zgrab/0.x" show less	Web App Attack
🇮🇱 spd.co.il	2026-06-11 06:01:33 (4 days ago)	Web application attack detected	Hacking Web App Attack
Anonymous	2026-06-11 04:17:14 (4 days ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
Anonymous	2026-06-11 03:52:21 (4 days ago)	Reported from Nginx log analysis 11. Log: 20.228.89.44 - - [11/Jun/2026:xx:xx:xx 0200] "GET /mcp HT ... show more Reported from Nginx log analysis 11. Log: 20.228.89.44 - - [11/Jun/2026:xx:xx:xx 0200] "GET /mcp HTTP/1.1" xxx xxx "-" "Mozilla/5.0 zgrab/0.x" "-" "US United States San Jose" "AS8075" "Microsoft Corporation" show less	Port Scan Brute-Force SSH
🇺🇸 micropedro	2026-06-11 00:31:50 (4 days ago)	3 incidents: web scanning/attack. First: 2026-06-09 19:37, Last: 2026-06-10 20:31 UTC. Triggers: ngi ... show more 3 incidents: web scanning/attack. First: 2026-06-09 19:37, Last: 2026-06-10 20:31 UTC. Triggers: nginx-badbots,ufw-repeater,ufw-repeater. show less	Port Scan Bad Web Bot Web App Attack
🇲🇹 neilcaruana	2026-06-11 00:23:09 (4 days ago)	Sentinel detected an attack on port [443]	Hacking
🇫🇷 SpaceHost-Server	2026-06-10 22:28:37 (4 days ago)		Brute-Force Web App Attack
🇩🇪 sdos.es	2026-06-10 21:01:29 (4 days ago)	"Found User-Agent associated with security scanner - Matched Data: zgrab found within REQUEST_HEADER ... show more "Found User-Agent associated with security scanner - Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x" show less	Web App Attack
🇹🇼 tyetriiix	2026-06-10 19:18:47 (5 days ago)	Wazuh Alert Evidence: 20.228.89.44 - - [10/Jun/2026:19:18:44 +0000] "GET /mcp HTTP/1.1" 502 150 "-" ... show more Wazuh Alert Evidence: 20.228.89.44 - - [10/Jun/2026:19:18:44 +0000] "GET /mcp HTTP/1.1" 502 150 "-" "Mozilla/5.0 zgrab/0.x" "-" Origin: "-" CORS_Header: "-" Sent_allow_origin: "-" show less	Web App Attack
🇸🇪 SkyDancer	2026-06-10 17:15:28 (5 days ago)	Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by Sk ... show more Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx show less	Hacking Brute-Force SSH
Anonymous	2026-06-10 17:11:16 (5 days ago)	[Wed Jun 10 19:11:15.465339 2026] [:error] [pid 319999:tid 319999] [client 20.228.89.44:40174] ModSe ... show more [Wed Jun 10 19:11:15.465339 2026] [:error] [pid 319999:tid 319999] [client 20.228.89.44:40174] ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `scanners-user-agents.data' against variable `REQUEST_HEADERS:User-Agent' (Value: `Mozilla/5.0 zgrab/0.x' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "38"] [id "913100"] [rev ""] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 zgrab/0.x"] [severity "2"] [ver "OWASP_CRS/4.28.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/SCANNER-DETECTION"] [tag "capec/1000/118/224/541/310"] [uri "/mcp"] [unique_id "178111147537.664130"] [ref "o12,5v51,21"] ... show less	Web App Attack
🇩🇪 D3vNu11	2026-06-10 16:22:59 (5 days ago)	Level: (LOW): Known Attacker via CitrixHoneypot IOC Country: United States 1x -> Target Country: Ger ... show more Level: (LOW): Known Attacker via CitrixHoneypot IOC Country: United States 1x -> Target Country: Germany HTTPS show less	Hacking Web App Attack
🇧🇷 diego	2026-06-10 12:10:50 (5 days ago)	[probe-68-69] 2026-06-10 11:52:34, Client: 20.228.89.44, Protocol: 6, Unauthorized activity to HTTP: ... show more [probe-68-69] 2026-06-10 11:52:34, Client: 20.228.89.44, Protocol: 6, Unauthorized activity to HTTP: GET /mcp show less	Web App Attack
🇳🇱 ByeByte API	2026-06-10 11:45:24 (5 days ago)	Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 443. Single burst at 2026 ... show more Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 443. Single burst at 2026-06-10 11:45 UTC. show less	Port Scan
🇫🇷 polido	2026-06-10 06:39:19 (5 days ago)	Unauthorized connection attempt to port 443 from 20.228.89.44	Port Scan

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 217.154.253.108

🇸🇬 142.91.102.186

🇷🇴 80.94.95.211

🇺🇸 2600:1f18:54f:1200:8cce:b208:4e3e:283a

🇧🇷 205.210.31.210

🇲🇽 187.140.79.156

🇨🇳 183.201.208.25

🇳🇱 176.65.140.201

🇦🇹 152.53.0.56

🇺🇸 152.32.208.169

🇳🇱 91.92.40.10

🇷🇴 80.94.92.177

🇺🇸 2604:a880:400:d1:0:4:9623:7001

🇧🇷 205.210.31.202

🇺🇸 173.255.223.149

🇻🇳 152.32.163.183

🇷🇴 141.98.83.240

🇧🇬 79.124.40.126

🇵🇰 39.35.218.80

🇨🇭 35.216.140.3