JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.55.86.180

20.55.86.180 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 80%: ?

80%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.55.86.180

Whois 20.55.86.180

IP Abuse Reports for 20.55.86.180:

This IP address has been reported a total of 21 times from 20 distinct sources. 20.55.86.180 was first reported on June 18th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 MatStef132	2026-06-03 06:50:23 (1 day ago)	MatShield L7: blocked on 89.144.32.3 (secret-path-probe)	DDoS Attack
🇺🇸 TPI-Abuse	2026-06-03 06:43:59 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.55.86.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.55.86.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:43:52.392063 2026] [security2:error] [pid 10379:tid 10379] [client 20.55.86.180:1113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.9"] [uri "/.env"] [unique_id "ah_NKDtUcYqJwqrQVKLoIwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 06:09:40 (1 day ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇫🇮 Kimmo Rieskaniemi	2026-06-03 04:55:29 (1 day ago)	CrowdSec triggered crowdsecurity/http-probing	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-03 04:13:29 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.55.86.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.55.86.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:13:24.591314 2026] [security2:error] [pid 12475:tid 12475] [client 20.55.86.180:1855] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.187"] [uri "/.git/HEAD"] [unique_id "ah-p5EQmpWlYtzTEfEyU7gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Blexyel	2026-06-03 04:01:35 (1 day ago)	20.55.86.180 - - [03/Jun/2026:06:01:35 +0200] "GET /.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 ( ... show more 20.55.86.180 - - [03/Jun/2026:06:01:35 +0200] "GET /.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" "136.243.2.38" ... show less	Brute-Force Web App Attack
🇳🇱 tpjg	2026-06-03 03:44:16 (1 day ago)	Automated: 15 requests with error status in 120s window from 20.55.86.180. Evidence: /app/config/par ... show more Automated: 15 requests with error status in 120s window from 20.55.86.180. Evidence: /app/config/parameters.yml:404,/config.php:404,/.DS_Store:404,/actuator/env:404,/server-status:404,/phpinfo.php:301,/config/database.yml:404,/.aws/credentials:404,/wp-config.php.bak:404,/.env.save:301,/.env.production:301,/.env.local:404,/.env:404,/.git/config:301,/.git/HEAD:404 show less	Web App Attack
Anonymous	2026-06-03 03:44:05 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇫🇷 ingroscart.it	2026-06-03 03:07:18 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 20.55.86.180 (US/United States/-)	SQL Injection
🇫🇷 dynamix	2026-06-03 03:01:51 (1 day ago)	Multiple WAF Violations	Web App Attack
🇺🇸 RAP	2026-06-01 10:30:27 (2 days ago)	2026-06-01 10:30:27 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇷🇸 Scan	2026-06-01 08:34:59 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-06-01 07:07:55 (3 days ago)	unsolicited connect TCP dport 8080 (sport 11296)	Hacking
🇺🇸 Rayulcifer	2026-04-13 05:04:50 (1 month ago)	20.55.86.180 - - [13/Apr/2026:00:04:48 -0500] "GET https://858969.xyz HTTP/1.1" 200 90579 "-" "Mozil ... show more 20.55.86.180 - - [13/Apr/2026:00:04:48 -0500] "GET https://858969.xyz HTTP/1.1" 200 90579 "-" "Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36" 20.55.86.180 - - [13/Apr/2026:00:04:48 -0500] "GET https://858969.xyz HTTP/1.1" 200 90579 "-" "Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 octageeks.com	2026-04-09 04:08:18 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.61

🇬🇧 145.40.159.201

🇨🇳 101.201.117.125

🇰🇷 14.49.178.90

🇬🇧 195.206.182.201

🇹🇭 182.52.131.112

🇺🇸 162.216.149.78

🇱🇹 141.98.9.70

🇻🇳 103.154.62.14

🇩🇪 69.5.169.126

🇩🇪 69.5.169.110

🇩🇪 69.5.169.12

🇸🇬 47.84.110.38

🇺🇸 2.56.191.230

🇮🇳 168.144.157.130

🇮🇳 152.32.158.74

🇺🇸 152.32.150.236

🇳🇱 107.189.27.179

🇷🇴 80.94.92.177

🇺🇸 68.196.83.111