JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.229.114.149

20.229.114.149 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 60%: ?

60%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.229.114.149

Whois 20.229.114.149

IP Abuse Reports for 20.229.114.149:

This IP address has been reported a total of 12 times from 9 distinct sources. 20.229.114.149 was first reported on June 19th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 20:16:34 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:16:27.440874 2026] [security2:error] [pid 20520:tid 20520] [client 20.229.114.149:39462] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.starfrontiers.com"] [uri "/.env"] [unique_id "ajWjmxzdMpMCbpxIggIi_AAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 20:05:26 (8 hours ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (50/60 min)'; Requests=50	Port Scan
🇺🇸 TPI-Abuse	2026-06-19 19:57:01 (8 hours ago)	(mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:56:53.614844 2026] [security2:error] [pid 17877:tid 17877] [client 20.229.114.149:39286] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|backtosleep.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "backtosleep.com"] [uri "/s3cmd.ini"] [unique_id "ajWfBaiKiqaNCTH-8VL7fAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 nfsec.pl	2026-06-19 19:34:11 (8 hours ago)	20.229.114.149 - - [19/Jun/2026:19:33:55 +0000] "GET /.aws/credentials HTTP/2.0" 404 24907 "-" "Go-h ... show more 20.229.114.149 - - [19/Jun/2026:19:33:55 +0000] "GET /.aws/credentials HTTP/2.0" 404 24907 "-" "Go-http-client/2.0" 20.229.114.149 - - [19/Jun/2026:19:33:59 +0000] "GET /.aws/credentials.gpg HTTP/2.0" 404 24985 "-" "Go-http-client/2.0" 20.229.114.149 - - [19/Jun/2026:19:34:04 +0000] "GET /.s3cfg HTTP/2.0" 404 24890 "-" "Go-http-client/2.0" 20.229.114.149 - - [19/Jun/2026:19:34:07 +0000] "GET /.passwd-s3fs HTTP/2.0" 404 24951 "-" "Go-http-client/2.0" 20.229.114.149 - - [19/Jun/2026:19:34:11 +0000] "GET /s3cmd.ini HTTP/2.0" 404 24918 "-" "Go-http-client/2.0" ... show less	Web App Attack Exploited Host
🇺🇸 TPI-Abuse	2026-06-19 19:12:23 (9 hours ago)	(mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:12:19.848782 2026] [security2:error] [pid 2206:tid 2206] [client 20.229.114.149:51548] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.garon.us\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.garon.us"] [uri "/s3cmd.ini"] [unique_id "ajWUkwvMtXqksLX4g6aUzAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 pipeline.es	2026-06-19 18:47:17 (9 hours ago)	Web scanning / probing for vulnerable paths \| URL: /assets/credentials.json \| Evidence: www.unav.ws ... show more Web scanning / probing for vulnerable paths \| URL: /assets/credentials.json \| Evidence: www.unav.ws 20.229.114.149 - - [19/Jun/2026:20:45:37 +0200] \"GET /assets/credentials.json HTTP/1.1\" 404 31204 \"-\" \"Go-http-client/1.1\" GEOIP_COUNTRY_CODE=NL \| ASN: MICROSOFT-CORP-MSN-AS-BLOCK \| Country: NL show less	Port Scan Web App Attack
🇮🇹 VHosting	2026-06-19 18:35:03 (9 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 18:08:13 (10 hours ago)	(mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.229.114.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:08:08.543546 2026] [security2:error] [pid 10834:tid 10834] [client 20.229.114.149:57400] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.formationone.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.formationone.com"] [uri "/s3cmd.ini"] [unique_id "ajWFiKOu9BksutDXXJrGPgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-19 18:05:22 (10 hours ago)	Excessive 404/403 errors	Brute-Force
🇩🇪 grassau.com	2026-06-19 17:58:15 (10 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 20.229.114.149 (NL/The Netherlands/Nort ... show more (mod_security) mod_security triggered on hostname [redacted] 20.229.114.149 (NL/The Netherlands/North Holland/Amsterdam/-) show less	SQL Injection
Anonymous	2026-06-19 17:54:48 (10 hours ago)	[ssd5.kdns.gr] httpd-suspicious-path: sites=primaverapianistica.com; logs=/var/log/httpd/domains/pri ... show more [ssd5.kdns.gr] httpd-suspicious-path: sites=primaverapianistica.com; logs=/var/log/httpd/domains/primaverapianistica.com.log; samples=/.aws/credentials \| /.env \| /.env.backup show less	Hacking Web App Attack
🇫🇷 Octopuce	2026-06-19 17:43:04 (10 hours ago)	Aggressive web search of vulnerable pages: /.env /.env.local /api/.env /apps/.env /store/.env ...	Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 209.50.181.221

🇮🇷 185.199.211.164

🇸🇦 185.2.233.156

🇳🇱 91.92.40.5

🇱🇹 81.30.98.142

🇸🇬 68.183.236.1

🇨🇳 202.103.55.158

🇺🇸 147.92.96.7

🇬🇧 143.47.243.20

🇷🇴 141.98.83.240

🇨🇳 121.196.27.240

🇺🇸 118.26.109.7

🇨🇳 117.158.166.73

🇨🇳 111.113.88.31

🇺🇦 78.30.250.62

🇸🇬 47.79.51.39

🇨🇳 223.167.169.204

🇺🇸 216.26.228.242

🇹🇼 198.235.24.60

🇻🇳 123.16.75.158