JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.81.159.114

20.81.159.114 was found in our database!

This IP was reported 77 times. Confidence of Abuse is 88%: ?

88%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.81.159.114

Whois 20.81.159.114

IP Abuse Reports for 20.81.159.114:

This IP address has been reported a total of 77 times from 57 distinct sources. 20.81.159.114 was first reported on September 7th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 kuroneko_omu	2026-06-15 16:51:01 (1 day ago)	[autoreport] Probably Web App attack (eg. wp, phpmyadmin, ...)	Hacking Brute-Force Web App Attack
🇳🇱 knock	2026-06-15 08:03:56 (1 day ago)	Knock-Knock honeypot brute-force: proto8 (56 total hits)	Brute-Force
🇺🇸 kuroneko_omu	2026-06-15 07:47:39 (1 day ago)	Fail2Ban <webattack> jail detected 5 attempts against 20.81.159.114.	DDoS Attack Hacking Brute-Force Web App Attack
🇫🇮 Yachiyo Runami	2026-06-14 22:26:24 (2 days ago)	Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 46 \| Len: 60B \| Win: ... show more Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 46 \| Len: 60B \| Win: 64240(1) \| F2B/ufw-honeypot@2026-06-14T22:26:24Z show less	Port Scan Hacking
🇺🇸 Axel	2026-06-14 19:58:21 (2 days ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 29925 \| TTL: 49 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 29925 \| TTL: 49 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 MPL	2026-06-14 18:59:45 (2 days ago)	tcp port scan (10 or more attempts)	Port Scan
🇺🇸 MPL	2026-06-14 17:24:28 (2 days ago)	tcp port scan (3 or more attempts)	Port Scan
Anonymous	2026-06-14 17:00:21 (2 days ago)	[Sun Jun 14 19:00:19.796616 2026] [access_compat:error] [pid 1466404:tid 1466404] [client 20.81.159. ... show more [Sun Jun 14 19:00:19.796616 2026] [access_compat:error] [pid 1466404:tid 1466404] [client 20.81.159.114:29763] AH01797: client denied by server configuration: /var/www/html/.git [Sun Jun 14 19:00:20.774814 2026] [access_compat:error] [pid 1619345:tid 1619345] [client 20.81.159.114:29766] AH01797: client denied by server configuration: /var/www/html/.env ... show less	Bad Web Bot Web App Attack
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (1 week ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇺🇸 kelliwic.net	2026-06-03 06:55:26 (1 week ago)	Port scan detected (F2B)	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 06:36:00 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.81.159.114 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.81.159.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:35:53.950459 2026] [security2:error] [pid 31348:tid 31348] [client 20.81.159.114:8672] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.190"] [uri "/.git/HEAD"] [unique_id "ah_LSXqrCLK2gcptELo79wAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 06:19:59 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.81.159.114 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.81.159.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:19:54.306672 2026] [security2:error] [pid 24295:tid 24295] [client 20.81.159.114:8793] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.15"] [uri "/.git/HEAD"] [unique_id "ah_HiiH6Q7JxF74JbV03-wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-03 06:17:22 (2 weeks ago)	.env scanning [BY]	Web App Attack
🇺🇸 donarev419	2026-06-03 05:59:30 (2 weeks ago)	Port scan detected on port 2086 (connection without data transfer)	Port Scan
🇺🇸 MPL	2026-06-03 05:46:12 (2 weeks ago)	tcp port scan (7 or more attempts)	Port Scan

Showing 1 to 15 of 77 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 2001:448a:1041:69e6:f059:8bff:fe82:e783

🇹🇼 198.235.24.100

🇬🇧 193.163.125.184

🇫🇷 62.171.146.116

🇫🇷 51.68.34.131

🇳🇱 45.148.10.152

🇹🇷 212.68.58.7

🇮🇳 182.95.186.22

🇺🇸 172.236.96.75

🇫🇷 144.91.88.114

🇰🇿 95.82.81.142

🇷🇴 80.94.92.177

🇨🇦 207.219.221.101

🇺🇸 173.239.224.27

🇺🇸 147.185.132.8

🇨🇳 123.245.84.149

🇸🇬 114.119.156.175

🇸🇬 103.187.146.33

🇺🇸 95.164.158.50

🇺🇸 74.249.178.165