JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.55.223.181

20.55.223.181 was found in our database!

This IP was reported 278 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.55.223.181

Whois 20.55.223.181

IP Abuse Reports for 20.55.223.181:

This IP address has been reported a total of 278 times from 164 distinct sources. 20.55.223.181 was first reported on August 5th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇧🇷 SOC-BR	2026-06-03 07:31:54 (2 days ago)	Attack detected by Fortinet - web_server: HTPasswd.Access - 2026-06-02 05:22:24 - Source Port 6567	Port Scan Hacking
🇧🇷 SOC PR	2026-06-03 06:33:10 (2 days ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇩🇪 dispaisyenterprises	2026-06-03 05:39:48 (3 days ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2087 [4], 2086 [1], 2082 [1], 2083 ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2087 [4], 2086 [1], 2082 [1], 2083 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇦🇺 HostFission	2026-06-03 04:13:14 (3 days ago)	PSAD port scan detected	Port Scan
🇷🇸 Scan	2026-06-03 02:28:06 (3 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 02:00:58 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:00:54.987280 2026] [security2:error] [pid 18013:tid 18036] [client 20.55.223.181:56111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.82"] [uri "/.git/HEAD"] [unique_id "ah-K1svYBnCbbOnjsTUxjAAAAFQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 DEV-DNS	2026-06-03 01:59:30 (3 days ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇸🇪 NordhTech	2026-06-03 00:30:16 (3 days ago)	More than 3 malicious connection attempts, trying port(s) 8080/tcp, then blocked from services ...	Port Scan Hacking
🇺🇸 ISPLtd	2026-06-02 11:04:42 (3 days ago)	Jun 2 08:04:42 20.55.223.181 TCP SPT=6274 DPT=2087 SYN Jun 2 08:04:42 20.55.223.181 TCP SPT=5782 D ... show more Jun 2 08:04:42 20.55.223.181 TCP SPT=6274 DPT=2087 SYN Jun 2 08:04:42 20.55.223.181 TCP SPT=5782 DPT=2083 SYN Jun 2 08:04:42 20.55.223.181 TCP SPT=5761 DPT=2086 ... show less	Port Scan
Anonymous	2026-06-02 10:55:02 (3 days ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 10:36:43 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:36:38.883676 2026] [security2:error] [pid 23641:tid 23641] [client 20.55.223.181:6023] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.45"] [uri "/.git/HEAD"] [unique_id "ah6yNo22574Ryx5jUnqJCQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 KIDOS	2026-06-02 09:49:17 (3 days ago)	IIS malicious activity: high_400_error_rate (100% of requests are 400 errors)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 09:31:34 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.55.223.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:31:27.388916 2026] [security2:error] [pid 23492:tid 23703] [client 20.55.223.181:5762] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.201"] [uri "/.git/HEAD"] [unique_id "ah6i7wjYge4aRdKFXtbrAAAAAMs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 09:18:38 (3 days ago)	tcp ports: 2082,2087 (2 or more attempts)	Port Scan

Showing 1 to 15 of 278 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 45.148.10.141

🇲🇽 186.96.145.241

🇸🇬 185.200.116.67

🇺🇸 172.202.122.207

🇷🇴 92.118.39.236

🇬🇧 77.98.99.60

🇺🇸 64.62.197.229

🇹🇭 171.4.216.47

🇺🇸 82.22.84.242

🇧🇬 79.124.60.146

🇫🇷 51.159.104.219

🇺🇸 2604:a940:300:5b6:0:21::

🇸🇬 165.22.252.177

🇫🇮 147.185.133.151

🇮🇳 103.123.53.88

🇨🇳 61.52.36.56

🇳🇱 45.148.10.152

🇦🇲 45.129.185.7

🇹🇷 5.25.71.131

🇺🇸 207.46.13.14