JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.42.42.212

20.42.42.212 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.42.42.212

Whois 20.42.42.212

IP Abuse Reports for 20.42.42.212:

This IP address has been reported a total of 49 times from 43 distinct sources. 20.42.42.212 was first reported on August 1st 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 kivitendo.de	2026-06-03 02:45:06 (1 day ago)	[Wed Jun 03 04:44:57.425241 2026] [authz_core:error] [pid 67563:tid 67568] [client 20.42.42.212:4411 ... show more [Wed Jun 03 04:44:57.425241 2026] [authz_core:error] [pid 67563:tid 67568] [client 20.42.42.212:44113] AH01630: client denied by server configuration: /var/www/kivitendo-erp/server-status [Wed Jun 03 04:45:08.565687 2026] [authz_core:error] [pid 67564:tid 67593] [client 20.42.42.212:44288] AH01630: client denied by server configuration: /var/www/kivitendo-erp/.htpasswd ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 02:07:19 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.42.42.212 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.42.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:07:11.285476 2026] [security2:error] [pid 6014:tid 6014] [client 20.42.42.212:44065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.157"] [uri "/.git/config"] [unique_id "ah-MT4onPjRXVn6BVKsdigAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 boxed-it	2026-06-03 01:25:44 (1 day ago)	GET /config/database.yml (Tarpitted for 49m36s, wasted 174.49kB)	Web App Attack
🇷🇸 Scan	2026-06-03 01:19:30 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 RAP	2026-06-03 01:18:15 (1 day ago)	2026-06-03 01:18:15 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇧🇷 somosbr	2026-06-03 01:08:48 (1 day ago)	[2026-06-03T01:08:48Z] Unsolicited scan from 20.42.42.212 to port 8080/tcp	Port Scan
🇩🇪 XICTRON	2026-06-03 01:05:06 (1 day ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇮🇪 AutosOnShow	2026-06-03 01:05:06 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-03 01:04:41.546 \|	Web App Attack
🇩🇪 edena	2026-06-03 01:05:02 (1 day ago)	20.42.42.212 - - [03/Jun/2026:03:04:58 +0200] "GET /.env HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Windows ... show more 20.42.42.212 - - [03/Jun/2026:03:04:58 +0200] "GET /.env HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 20.42.42.212 - - [03/Jun/2026:03:04:59 +0200] "GET /.env.local HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.42.42.212 - - [03/Jun/2026:03:05:01 +0200] "GET /.env.save HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Web App Attack Bad Web Bot
Anonymous	2026-06-03 00:49:00 (1 day ago)	[2026-06-02 19:28:16 -0500] info [whostmgrd] 20.42.42.212 - root "POST /login/?login_only=1 HTTP/1 ... show more [2026-06-02 19:28:16 -0500] info [whostmgrd] 20.42.42.212 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 19:28:33 -0500] info [whostmgrd] 20.42.42.212 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect show less	Brute-Force Web App Attack Hacking
🇩🇪 Roper123	2026-06-03 00:39:39 (1 day ago)	Web exploits	Web App Attack
🇺🇸 LotPhantom	2026-06-03 00:37:47 (1 day ago)	2026-06-03T00:37:47.412168+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-06-03T00:37:47.412168+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.42.42.212 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=24048 DF PROTO=TCP SPT=44175 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-03T00:37:47.417347+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.42.42.212 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=11825 DF PROTO=TCP SPT=44163 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇪🇸 alferez	2026-06-03 00:29:29 (1 day ago)	Searching hacked php files	Hacking Exploited Host Web App Attack
🇺🇸 pixiekat	2026-06-02 23:38:30 (1 day ago)	[Tue Jun 02 23:38:22.826120 2026] [authz_core:error] [pid 72868:tid 72886] [client 20.42.42.212:4407 ... show more [Tue Jun 02 23:38:22.826120 2026] [authz_core:error] [pid 72868:tid 72886] [client 20.42.42.212:44077] AH01630: client denied by server configuration: /var/www/html/.env [Tue Jun 02 23:38:24.439364 2026] [authz_core:error] [pid 72868:tid 72873] [client 20.42.42.212:44084] AH01630: client denied by server configuration: /var/www/html/.env.production [Tue Jun 02 23:38:25.960858 2026] [authz_core:error] [pid 72840:tid 72865] [client 20.42.42.212:44068] AH01630: client denied by server configuration: /var/www/html/.env.save [Tue Jun 02 23:38:26.994203 2026] [authz_core:error] [pid 72840:tid 72843] [client 20.42.42.212:44094] AH01630: client denied by server configuration: /var/www/html/wp-config.php [Tue Jun 02 23:38:30.115688 2026] [authz_core:error] [pid 72868:tid 72884] [client 20.42.42.212:44072] AH01630: client denied by server configuration: /var/www/html/config ... show less	Brute-Force

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.167

🇭🇰 123.58.215.196

🇳🇱 45.148.10.147

🇯🇵 35.200.36.191

🇩🇪 213.209.159.226

🇧🇷 205.210.31.240

🇧🇷 179.184.242.48

🇺🇸 162.216.150.247

🇺🇸 162.216.149.14

🇩🇪 155.117.127.153

🇹🇼 128.14.229.76

🇨🇳 117.177.102.79

🇮🇳 103.190.7.203

🇫🇷 75.119.132.109

🇺🇸 72.14.147.219

🇩🇪 69.5.169.10

🇵🇭 58.69.56.44

🇯🇵 203.25.124.222

🇵🇱 185.241.208.20

🇩🇿 154.241.47.200