JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.55.214.115

20.55.214.115 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 31%: ?

31%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.55.214.115

Whois 20.55.214.115

IP Abuse Reports for 20.55.214.115:

This IP address has been reported a total of 44 times from 36 distinct sources. 20.55.214.115 was first reported on July 15th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 polido	2026-06-27 02:05:48 (3 days ago)	Unauthorized connection attempt to port 443 from 20.55.214.115	Port Scan
🇺🇸 www.winos.me	2026-06-27 01:56:35 (3 days ago)	Shield: Layer4 Port 9 Trap	Port Scan Hacking
Anonymous	2026-06-07 15:41:42 (3 weeks ago)	2026-06-07T16:41:41.286095+01:00 vps kernel: [42587064.517293] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-07T16:41:41.286095+01:00 vps kernel: [42587064.517293] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=20.55.214.115 DST=54.37.14.118 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=10351 PROTO=TCP SPT=32797 DPT=8848 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-05-21 16:41:44 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 12:41:39.672451 2026] [security2:error] [pid 29897:tid 29897] [client 20.55.214.115:16408] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "michaeltravis.com"] [uri "/.git/config"] [unique_id "ag81w7J7Q-v521aHzkVyTwAAABM"], referer: https://docs.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-21 14:09:38 (1 month ago)	[ThuMay2116:09:32.3528012026][security2:error][pid2052039:tid2052106][client20.55.214.115:0]ModSecur ... show more [ThuMay2116:09:32.3528012026][security2:error][pid2052039:tid2052106][client20.55.214.115:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"/etc/passwd\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"141\"][id\"347009\"][rev\"1\"][msg\"Atomicorp.comWAFRules:ProtectedFileaccessdenied\"][severity\"CRITICAL\"][hostname\"mail.gpwealth.ch.136-243-54-122.cpanel.site\"][uri\"/@fs/etc/passwd\"][unique_id\"ag8SHLc23CQzmdp1ON-pkgAAAIY\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 13:53:13 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 09:53:07.669660 2026] [security2:error] [pid 12444:tid 12444] [client 20.55.214.115:16409] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "johnatuttle.com.player-care.com"] [uri "/config/.env"] [unique_id "ag8OQwtGiA5VuJoCW4ZEBgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 LTM	2026-05-21 06:20:02 (1 month ago)	WebServer - Attempts to exploit	Hacking Brute-Force Web App Attack
🇯🇵 demonsword	2026-05-15 12:54:19 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.binance.com:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-04-10 11:50:18 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 10 07:50:00.962269 2026] [security2:error] [pid 1591613:tid 1591613] [client 20.55.214.115:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.abdulhameeds.art"] [uri "/@fs/app/.git/config"] [unique_id "adjj6I7_JxiuU9x7teer3gAAAA4"], referer: https://stackoverflow.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-10 09:07:21 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.214.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 10 05:07:17.122339 2026] [security2:error] [pid 1850005:tid 1850005] [client 20.55.214.115:30745] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "benwoodwv.com.mmldesign.com"] [uri "/@fs/app/.git/config"] [unique_id "adi9xbXEZgkQlS7ADCReJwAAAAY"], referer: https://news.ycombinator.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-03-04 07:40:15 (3 months ago)	Brute Force, tcp/8443	Brute-Force
🇨🇳 ThreatBook.io	2026-01-26 22:57:25 (5 months ago)	ThreatBook Intelligence: Spam,Info more details on https://threatbook.io/ip/20.55.214.115 2026-01-26 ... show more ThreatBook Intelligence: Spam,Info more details on https://threatbook.io/ip/20.55.214.115 2026-01-26 03:48:59 ["history \| tail -5"] 2026-01-26 05:40:02 ["whoami"] 2026-01-26 03:45:54 ["hostname"] 2026-01-26 04:14:06 ["whoami"] 2026-01-26 05:01:56 ["hostname"] 2026-01-26 06:16:38 ["whoami"] 2026-01-26 06:02:13 ["uname -a"] 2026-01-26 05:03:32 ["mount \| head -5"] 2026-01-26 05:33:16 ["netstat -tulpn \| head -10"] 2026-01-26 05:38:22 ["whoami"] show less	Brute-Force
🇬🇧 [email protected]	2026-01-26 00:50:00 (5 months ago)	...	Brute-Force SSH
🇨🇦 Axel	2026-01-25 22:05:37 (5 months ago)	SSH login attempts (endlessh): 2026-01-25T21:38:56.605Z ACCEPT host=::ffff:20.55.214.115 port=38936 ... show more SSH login attempts (endlessh): 2026-01-25T21:38:56.605Z ACCEPT host=::ffff:20.55.214.115 port=38936 fd=6 n=3/4096 show less	Brute-Force SSH
🇺🇸 mutebot.net	2026-01-25 22:05:03 (5 months ago)	Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] Connection closed b ... show more Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] Connection closed by authenticating user root 20.55.214.115 port 38936 [preauth] show less	Brute-Force SSH

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.96.139.67

🇧🇷 191.55.55.55

🇮🇩 160.187.174.22

🇰🇷 121.125.67.137

🇻🇳 115.77.204.99

🇮🇳 103.181.160.7

🇺🇸 65.49.20.78

🇺🇸 63.117.215.6

🇺🇸 20.64.105.74

🇬🇧 195.96.139.45

🇧🇷 190.89.136.236

🇲🇽 189.143.52.158

🇩🇪 185.242.3.195

🇨🇳 180.76.53.175

🇺🇸 173.239.254.169

🇺🇸 162.216.150.112

🇭🇰 112.119.21.245

🇺🇸 107.167.34.125

🇷🇺 89.108.117.128

🇩🇪 62.54.176.203