JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.251.155.67

20.251.155.67 was found in our database!

This IP was reported 57 times. Confidence of Abuse is 68%: ?

68%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇳🇴 Norway
City	Oslo, Oslo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.251.155.67

Whois 20.251.155.67

IP Abuse Reports for 20.251.155.67:

This IP address has been reported a total of 57 times from 52 distinct sources. 20.251.155.67 was first reported on May 20th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-24 22:00:26 (1 month ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-23. show less	Web App Attack SSH Hacking
🇩🇪 Teufel100	2026-05-23 21:03:33 (1 month ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
🇩🇪 Hugopvigo	2026-05-23 20:46:12 (1 month ago)	"2026-05-23 20:46:12+00:00 20.251.155.67 IP con score alto (100) detectada en el log."	Brute-Force SSH
🇫🇮 Kimmo Rieskaniemi	2026-05-23 20:13:05 (1 month ago)	CrowdSec triggered crowdsecurity/CVE-2017-9841	Web App Attack
🇩🇪 AetherFox	2026-05-23 19:24:33 (1 month ago)	AetherFox VoidGuard detected: [Sat May 23 19:24:32.989862 2026] [authz_core:error] [pid 1331104:tid ... show more AetherFox VoidGuard detected: [Sat May 23 19:24:32.989862 2026] [authz_core:error] [pid 1331104:tid 1331131] [client 20.251.155.67:53542] AH01630: client denied by server configuration: proxy:https://freebeegee.draconigen.de/.env [Sat May 23 19:24:32.990130 2026] [authz_core:error] [pid 1331104:tid 1331131] [client 20.251.155.67:53542] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Sat May 23 19:24:32.799235 2026] [authz_core:error] [pid 1334751:tid 1334754] [client 20.251.155.67:53506] AH01630: client denied by server configuration: proxy:http://[MASKED]/.env [Sat May 23 19:24:32.799509 2026] [authz_core:error] [pid 1334751:tid 1334754] [client 20.251.155.67:53506] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Sat May 23 19:24:32.905949 2026] [authz_core:error] [pid 1334751:tid 1334761] [client 20.251.155.67:53521] AH01630: client denied by server configuration: proxy:http://[MASKED]/ ... show less	Bad Web Bot Web App Attack
🇨🇦 alexbfr	2026-05-23 19:02:35 (1 month ago)	Fail2Ban Report, nginx-bot-trap jail: Automated honeypot detection.	Port Scan
🇯🇵 VXG-NET	2026-05-23 17:53:33 (1 month ago)	port=80, indicator_type=code-execution	Hacking
🇨🇦 polycoda	2026-05-23 17:51:14 (1 month ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based)	Hacking Web App Attack
🇺🇸 ObiStacks	2026-05-23 17:19:10 (1 month ago)	OBI Security — Obsidian Vision LLC \| Threat Level: 3 \| Reason: CrowdSec: crowdsecurity/CVE-2017-9841 ... show more OBI Security — Obsidian Vision LLC \| Threat Level: 3 \| Reason: CrowdSec: crowdsecurity/CVE-2017-9841 \| Action: Blocked \| Timestamp: 2026-05-23 17:19:10 UTC show less	Brute-Force
🇦🇺 AWW-Admin	2026-05-23 16:02:47 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 20.251.155.67 (NO/Norway/-)	SQL Injection
Anonymous	2026-05-23 16:02:09 (1 month ago)	May 23 18:02:07 mail2 Nextcloud[146482]: {"reqId":"ahHPfzy_UrOpGLv-fbAW2AAAAA8","level":1,"time":"20 ... show more May 23 18:02:07 mail2 Nextcloud[146482]: {"reqId":"ahHPfzy_UrOpGLv-fbAW2AAAAA8","level":1,"time":"2026-05-23T16:02:07+00:00","remoteAddr":"20.251.155.67","user":"--","app":"core","method":"GET","url":"/.env","scriptName":"/index.php","message":"Trusted domain error. \"20.251.155.67\" tried to access using \"178.254.3.7\" as host.","userAgent":"Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30","version":"32.0.5.0","data":{"app":"core"}} May 23 18:02:07 mail2 Nextcloud[262945]: {"reqId":"ahHPfysHqIj7jqQUfP3VAAAAAIs","level":1,"time":"2026-05-23T16:02:07+00:00","remoteAddr":"20.251.155.67","user":"--","app":"core","method":"POST","url":"/","scriptName":"/index.php","message":"Trusted domain error. \"20.251.155.67\" tried to access using \"178.254.3.7\" as host.","userAgent":"Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTM ... show less	Brute-Force Web App Attack
🇩🇪 pscriptos	2026-05-23 15:02:40 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/CVE-2017-9841	Web App Attack
🇩🇪 Mr-Money	2026-05-23 14:38:13 (1 month ago)	20.251.155.67 - - [23/May/2026:16:38:13 +0200] "GET /.env HTTP/1.1" 404 437 "-" "Mozilla/5.0 (Linux; ... show more 20.251.155.67 - - [23/May/2026:16:38:13 +0200] "GET /.env HTTP/1.1" 404 437 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇩🇪 sdos.es	2026-05-23 13:53:46 (1 month ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇺🇸 xxkodedxx	2026-05-23 13:09:28 (1 month ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get, 1× edge-block ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get, 1× edge-block in 10m window. Origin: NO / AS8075 Microsoft Corporation Active: 13:08:59→13:09:00 UTC Volume: 1 HTTP req, 1 honeypot probe(s) Bait taken: /.env Status mix: 444×1 Vhost fishing: 67.217.240.72 UA: "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile..." Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 57 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 221.161.235.168

🇨🇳 118.145.247.242

🇮🇳 115.96.196.42

🇭🇰 101.36.111.155

🇪🇸 88.20.37.220

🇺🇸 44.121.44.64

🇨🇭 35.216.201.9

🇺🇸 20.65.193.82

🇷🇺 5.101.64.6

🇺🇸 3.17.57.94

🇺🇸 195.184.76.147

🇲🇽 189.240.44.9

🇩🇪 167.94.145.16

🇩🇪 148.153.140.14

🇩🇪 134.122.84.100

🇸🇪 104.28.158.40

🇮🇩 103.97.101.25

🇫🇷 91.196.152.184

🇬🇧 82.39.35.211

🇧🇪 35.205.22.111