AbuseIPDB » 20.39.34.16

20.39.34.16 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 63%: ?

63%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 20.39.34.16

Whois 20.39.34.16

IP Abuse Reports for 20.39.34.16:

This IP address has been reported a total of 42 times from 16 distinct sources. 20.39.34.16 was first reported on June 20th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Anonymous	2025-07-09 15:58:21 (4 days ago)		Web App Attack
TPI-Abuse	2025-06-29 04:01:05 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: ... show more(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 29 00:00:58.197674 2025] [security2:error] [pid 959993:tid 959993] [client 20.39.34.16:43378] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|atticlodgeoutdoorlearningcenter.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "atticlodgeoutdoorlearningcenter.com"] [uri "/db_dump.sql"] [unique_id "aGC6erpyjd8vluTcDqsQmwAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
mnsf	2025-06-29 01:05:07 (2 weeks ago)	Too many Status 40X (11)	Brute-Force Web App Attack
ddw	2025-06-28 11:13:29 (2 weeks ago)	ModSecurity detection - Rules: 930130(Restricted File Access Attempt)	Web App Attack
TPI-Abuse	2025-06-28 08:28:19 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: ... show more(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 28 04:28:12.556005 2025] [security2:error] [pid 3234585:tid 3234585] [client 20.39.34.16:42184] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.gilgoinn.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gilgoinn.com"] [uri "/dump.sql"] [unique_id "aF-nnIuYePZXQNksn7-cbQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
iNetWorker	2025-06-28 01:20:32 (2 weeks ago)	trolling for resource vulnerabilities	Web App Attack
mnsf	2025-06-28 00:05:06 (2 weeks ago)	Too many Status 40X (12)	Brute-Force Web App Attack
TPI-Abuse	2025-06-27 17:17:13 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: ... show more(mod_security) mod_security (id:210492) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 27 13:17:06.488874 2025] [security2:error] [pid 2813940:tid 2813940] [client 20.39.34.16:44690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.naturephotographyadventures.com"] [uri "/web.config"] [unique_id "aF7SElAd19G7Eon1nkPoPAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
artificialred.nl	2025-06-27 14:42:01 (2 weeks ago)	[ModSecurity probing] access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:39:30 +0200] GET /.env.producti ... show more[ModSecurity probing] access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:39:30 +0200] GET /.env.production HTTP/1.0" 404 38345 "-" "curl/8.5.0" access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:40:01 +0200] "GET /web.config HTTP/1.0" 404 38345 "-" "curl/8.5.0" access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:40:25 +0200] "GET /backup.tar.gz HTTP/1.0" 404 38345 "-" "curl/8.5.0" access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:40:54 +0200] "GET /db_dump.sql HTTP/1.0" 404 38345 "-" "curl/8.5.0" access_ssl_log:20.39.34.16 - - [27/Jun/2025:16:41:02 +0200] "GET /.git/config HTTP/1.0" 404 38345 "-" "curl/8.5.0" " show less	Port Scan Web App Attack
TPI-Abuse	2025-06-27 02:51:42 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: ... show more(mod_security) mod_security (id:210492) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 22:51:38.239440 2025] [security2:error] [pid 2452380:tid 2452380] [client 20.39.34.16:50386] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aden.us"] [uri "/web.config"] [unique_id "aF4HOqrCtqmTf0jInwySowAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
mnsf	2025-06-26 23:05:18 (2 weeks ago)	Too many Status 40X (17)	Brute-Force Web App Attack
Ba-Yu	2025-06-26 18:33:54 (2 weeks ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
TPI-Abuse	2025-06-26 08:06:40 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: ... show more(mod_security) mod_security (id:210730) triggered by 20.39.34.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 04:06:34.532559 2025] [security2:error] [pid 963473:tid 963473] [client 20.39.34.16:35414] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.solidthought.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.solidthought.com"] [uri "/rockerdan/db_dump.sql"] [unique_id "aFz_ikKpIZysitDxZ0RJugAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
mnsf	2025-06-25 22:05:10 (2 weeks ago)	Too many Status 40X (17)	Brute-Force Web App Attack
mnsf	2025-06-24 21:05:23 (2 weeks ago)	Too many Status 40X (14)	Brute-Force Web App Attack

Showing 1 to 15 of 42 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

37.221.212.206

72.52.178.15

103.159.133.12

2a01:4f8:c013:3974::1

117.247.111.70

47.128.122.149

176.65.149.226

198.235.24.175

156.228.119.168

185.242.226.27

165.22.213.119

74.82.47.41

119.108.224.112

31.14.32.6

181.189.43.33

186.4.81.17

47.128.46.85

91.196.152.8

190.93.102.139

162.216.149.101