JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.42.9.229

20.42.9.229 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 79%: ?

79%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.42.9.229

Whois 20.42.9.229

IP Abuse Reports for 20.42.9.229:

This IP address has been reported a total of 27 times from 21 distinct sources. 20.42.9.229 was first reported on June 2nd 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-11 09:17:19 (1 week ago)	Blocked by UFW (TCP on 9000) Source port: 43648 TTL: 47 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 9000) Source port: 43648 TTL: 47 Packet length: 60 TOS: 0x00 This report (for 20.42.9.229) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-06-11 08:46:15 (1 week ago)	Blocked by UFW (TCP on 4000) Source port: 43648 TTL: 45 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 4000) Source port: 43648 TTL: 45 Packet length: 60 TOS: 0x00 This report (for 20.42.9.229) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇧🇷 SOC-BR	2026-06-06 07:24:46 (2 weeks ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-05 0 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-05 03:23:38 - Source Port 19923 show less	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-05 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 06:18:23 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 02:18:17.186624 2026] [security2:error] [pid 25182:tid 25182] [client 20.42.9.229:19368] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.162"] [uri "/.git/HEAD"] [unique_id "aiJqKd6kGkVoxgHUaE1WAwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 VXG-NET	2026-06-05 06:13:30 (2 weeks ago)	port=80, indicator_type=info-leak	Hacking
🇺🇸 TPI-Abuse	2026-06-05 05:48:20 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 01:48:16.614586 2026] [security2:error] [pid 2756:tid 2756] [client 20.42.9.229:19625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.93"] [uri "/.git/HEAD"] [unique_id "aiJjIABiEfGOxLvfjAnGEQAAAHc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-05 04:47:35 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇵🇱 Tankudoraiba	2026-06-05 04:13:08 (2 weeks ago)	Unauthorized connection attempts on ports 443\|80	Port Scan Bad Web Bot
🇺🇸 RAP	2026-06-05 04:03:53 (2 weeks ago)	2026-06-05 04:03:53 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇹🇼 tye	2026-06-05 03:38:40 (2 weeks ago)	Wazuh Alert Evidence: [Fri Jun 05 11:38:36.262264 2026] [security2:error] [pid 3852215] [client 20.4 ... show more Wazuh Alert Evidence: [Fri Jun 05 11:38:36.262264 2026] [security2:error] [pid 3852215] [client 20.42.9.229:20033] [client 20.42.9.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.23.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "114.32.32.181"] [uri "/.git/HEAD"] [unique_id "aiJEvOoUiKtCLMvZTJHuxgAAAA8"] show less	Web App Attack
🇪🇸 alferez	2026-06-05 02:13:19 (2 weeks ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 02:04:01 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.42.9.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 22:03:58.051378 2026] [security2:error] [pid 25925:tid 25925] [client 20.42.9.229:19278] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.33"] [uri "/.git/HEAD"] [unique_id "aiIujhKD9PRL2rFAGVMxRAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-05 01:49:19 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇨🇭 DasBiberlein	2026-06-05 01:15:04 (2 weeks ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 115.68.226.131

🇺🇸 2607:f8b0:4023:1000::12a

🇳🇱 86.54.31.44

🇧🇬 79.124.60.146

🇩🇪 69.5.169.99

🇩🇪 69.5.169.65

🇰🇷 211.253.9.49

🇰🇷 211.46.188.16

🇺🇸 205.210.31.45

🇦🇷 181.104.43.225

🇵🇰 175.107.228.187

🇺🇸 157.245.114.249

🇱🇹 141.98.10.162

🇳🇬 102.90.80.22

🇺🇸 66.132.195.19

🇲🇾 47.254.196.98

🇳🇱 45.198.224.143

🇺🇸 165.227.188.34

🇺🇸 161.35.58.242

🇺🇸 159.223.175.47