JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.42.84.170

20.42.84.170 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.42.84.170

Whois 20.42.84.170

IP Abuse Reports for 20.42.84.170:

This IP address has been reported a total of 54 times from 30 distinct sources. 20.42.84.170 was first reported on June 8th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 andypiper	2026-06-16 01:00:43 (11 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-16 00:16:17 (12 hours ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 23:02:37 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 19:02:29.720210 2026] [security2:error] [pid 9737:tid 9737] [client 20.42.84.170:64763] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.102"] [uri "/.env"] [unique_id "ajCEhWHfT4GxLNqf02WXowAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 22:46:29 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 18:46:21.405022 2026] [security2:error] [pid 2022:tid 2049] [client 20.42.84.170:55753] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.17"] [uri "/.env"] [unique_id "ajCAvT_BJ33pYu_mc_GxYwAAAVg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mykola Spesivtsev	2026-06-15 20:50:54 (16 hours ago)	HTTP Tarpit detected bot activity:TargetPort:443, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux ... show more HTTP Tarpit detected bot activity:TargetPort:443, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/5 show less	Port Scan Web App Attack Bad Web Bot
🇫🇮 kumiko	2026-06-15 20:28:06 (16 hours ago)	[2026-06-15 23:28:05] Probing for dotfiles "GET /.env HTTP/1.1" 403	Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-15 20:13:20 (16 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 20:12:54 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:12:50.373989 2026] [security2:error] [pid 15763:tid 15763] [client 20.42.84.170:62620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.93"] [uri "/.env"] [unique_id "ajBcwoWp2ddKIYGjx0RNvgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-06-15 20:05:17 (16 hours ago)	Accessed trap at '/.env'	Web App Attack
🇩🇪 Mykola Spesivtsev	2026-06-15 19:50:48 (17 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/5 show less	Port Scan Web App Attack Bad Web Bot
🇫🇷 LRNP	2026-06-15 18:47:46 (18 hours ago)	_:80 20.42.84.170 - - [15/Jun/2026:18:47:46 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X1 ... show more _:80 20.42.84.170 - - [15/Jun/2026:18:47:46 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:31:15 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:31:10.058003 2026] [security2:error] [pid 15333:tid 15333] [client 20.42.84.170:62975] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.88"] [uri "/.env"] [unique_id "ajBE7qPDM9Uyb9fDJlvk9gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-15 18:21:51 (18 hours ago)	[redacted] 20.42.84.170 - - [15/Jun/2026:19:21:48 +0100] "GET /.env HTTP/1.1" 307 423 "-" "Mozilla/5 ... show more [redacted] 20.42.84.170 - - [15/Jun/2026:19:21:48 +0100] "GET /.env HTTP/1.1" 307 423 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" [redacted] 20.42.84.170 - - [15/Jun/2026:19:21:49 +0100] "GET /.env HTTP/1.1" 307 5688 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-15 18:20:33 (18 hours ago)	2026-06-15T18:20:32.797025+00:00 caddy caddy[63377]: {"level":"info","ts":1781547632.7969007,"logger ... show more 2026-06-15T18:20:32.797025+00:00 caddy caddy[63377]: {"level":"info","ts":1781547632.7969007,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"20.42.84.170","remote_port":"60233","client_ip":"20.42.84.170","proto":"HTTP/1.1","method":"GET","host":"142.132.232.19","uri":"/.env","headers":{"Accept-Encoding":["gzip, deflate"],"Accept":["/"],"Connection":["keep-alive"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"]}},"bytes_read":0,"user_id":"","duration":0.000068122,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://142.132.232.19/.env"],"Content-Type":[]}} ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:57:47 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.42.84.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:57:40.720777 2026] [security2:error] [pid 25866:tid 25866] [client 20.42.84.170:63461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.115"] [uri "/.env"] [unique_id "ajA9FPfxwcTZtHdW30-y8gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇶🇦 2600:1900:4260:40e::127

🇺🇸 192.169.197.123

🇩🇪 213.209.159.56

🇺🇸 208.84.101.224

🇺🇸 192.241.157.243

🇧🇷 191.255.175.99

🇲🇽 187.191.48.4

🇺🇸 172.190.216.105

🇻🇳 171.231.198.236

🇨🇳 118.249.190.3

🇨🇳 101.126.30.240

🇮🇪 54.171.73.224

🇧🇷 45.229.91.34

🇳🇱 45.148.10.151

🇺🇸 34.230.205.18

🇧🇷 20.226.14.10

🇺🇸 20.106.195.24

🇺🇸 173.239.240.159

🇺🇸 172.232.15.250

🇺🇸 103.234.62.73