JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.55.126.240

20.55.126.240 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 59%: ?

59%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.55.126.240

Whois 20.55.126.240

IP Abuse Reports for 20.55.126.240:

This IP address has been reported a total of 31 times from 26 distinct sources. 20.55.126.240 was first reported on August 6th 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 boxed-it	2026-06-15 23:17:05 (14 hours ago)	GET /.DS_Store (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
Anonymous	2026-06-14 17:56:34 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 xmission.com	2026-06-14 09:39:53 (2 days ago)	Blocked by UFW (TCP on 2087) Source port: 21216 TTL: 47 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 21216 TTL: 47 Packet length: 60 TOS: 0x00 This report (for 20.55.126.240) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 06:43:26 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:43:19.847514 2026] [security2:error] [pid 13963:tid 13963] [client 20.55.126.240:21140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.237"] [uri "/.git/HEAD"] [unique_id "ai5Nh3KJskdJB4vpNhtqZgAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-14 06:30:19 (2 days ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 Axel	2026-06-14 06:18:34 (2 days ago)	Blocked by UFW on MVI [2086/tcp] \| SPT: 21403 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2086/tcp] \| SPT: 21403 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 05:39:26 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 01:39:22.554320 2026] [security2:error] [pid 32210:tid 32210] [client 20.55.126.240:21481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.42"] [uri "/.git/HEAD"] [unique_id "ai4-iktBNtk-ZEd_FLqIKQAAAHY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 05:18:11 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.126.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 01:18:04.304209 2026] [security2:error] [pid 22264:tid 22264] [client 20.55.126.240:19547] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.20"] [uri "/.git/HEAD"] [unique_id "ai45jDirsYFoXYRCCROVgAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 cloudmax	2026-05-31 22:39:15 (2 weeks ago)	Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnera ... show more Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnerability probing show less	Port Scan
Anonymous	2026-05-31 22:20:36 (2 weeks ago)	Unauthorized access (tcp/80/http)	Port Scan Web App Attack
🇫🇷 GabrielJST	2026-05-31 22:12:35 (2 weeks ago)	Port Scan detected from 20.55.126.240 (US/United States/-).	Port Scan
🇯🇵 demonsword	2026-05-12 10:45:15 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.eastmoney.com:443 show less	Open Proxy Port Scan
🇯🇵 demonsword	2026-05-10 04:04:26 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.binance.com:443 show less	Open Proxy Port Scan
🇨🇳 ThreatBook.io	2026-04-26 22:15:52 (1 month ago)	ThreatBook Intelligence: Spam,Info more details on https://threatbook.io/ip/20.55.126.240	Brute-Force
🇳🇱 homeshowdomain.nl	2026-04-09 21:59:04 (2 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-04-08. show less	Web App Attack SSH Hacking

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 179.49.80.141

🇻🇳 14.170.107.227

🇬🇧 213.166.84.44

🇺🇸 185.106.96.20

🇧🇷 177.54.62.68

🇺🇸 161.0.29.197

🇺🇸 156.238.254.10

🇺🇸 134.195.91.143

🇺🇸 129.146.47.44

🇨🇳 106.38.226.87

🇿🇦 102.64.44.31

🇳🇱 91.229.105.132

🇵🇱 83.168.89.193

🇺🇸 45.56.94.56

🇲🇽 45.7.67.201

🇺🇸 43.130.105.167

🇨🇴 179.33.210.213

🇺🇸 159.89.184.240

🇩🇪 154.222.151.36

🇵🇱 95.214.55.226