JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.81.159.7

20.81.159.7 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 25%: ?

25%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.81.159.7

Whois 20.81.159.7

IP Abuse Reports for 20.81.159.7:

This IP address has been reported a total of 15 times from 13 distinct sources. 20.81.159.7 was first reported on September 19th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 polido	2026-06-14 09:56:06 (4 days ago)	Unauthorized connection attempt to port 443 from 20.81.159.7	Port Scan
🇩🇪 femboy.cat	2026-06-14 09:52:04 (4 days ago)	Port scan to tcp/443 from 20.81.159.7	Brute-Force
🇺🇸 www.winos.me	2026-06-14 09:46:53 (4 days ago)	Shield: Layer4 Port 9 Trap	Port Scan Hacking
🇯🇵 demonsword	2026-05-10 02:34:18 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.google.com:443 show less	Open Proxy Port Scan
🇺🇸 octageeks.com	2026-04-10 04:06:41 (2 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇳🇴 Abuse Buster	2026-04-09 10:45:44 (2 months ago)	20.81.159.7 - - [09/Apr/2026:12:45:42 +0200] "GET /.git/config HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Wi ... show more 20.81.159.7 - - [09/Apr/2026:12:45:42 +0200] "GET /.git/config HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 20.81.159.7 - - [09/Apr/2026:12:45:42 +0200] "GET /.git/credentials HTTP/2.0" 404 22 "https://www.yahoo.com/" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 20.81.159.7 - - [09/Apr/2026:12:45:42 +0200] "GET /.git-credentials HTTP/2.0" 404 22 "https://www.reddit.com/" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 20.81.159.7 - - [09/Apr/2026:12:45:42 +0200] "GET /.gitconfig HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Web App Attack
Anonymous	2026-04-09 10:05:45 (2 months ago)	Blocked: Reason='Suspicious traffic score=80 (review-based detection)'; Requests=16	Hacking
Anonymous	2026-04-09 10:00:02 (2 months ago)	suspicious request in access.log	Web App Attack
🇧🇪 cmbplf	2026-04-09 08:34:00 (2 months ago)	152 requests with url.path */auth.json	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-09 07:46:54 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 20.81.159.7 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.81.159.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 03:46:47.523391 2026] [security2:error] [pid 279693:tid 279693] [client 20.81.159.7:37067] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fbgroupads.com.topgunsecurityservice.com"] [uri "/.git/config"] [unique_id "addZZ51PsPdsWFWJcVpCfQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-09 07:20:33 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 20.81.159.7 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.81.159.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 03:20:30.062530 2026] [security2:error] [pid 3543550:tid 3543700] [client 20.81.159.7:36087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ehealthpass.com"] [uri "/.git/config"] [unique_id "addTPo6NBut8dfXx5wKVOAAAApU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 2048	2026-02-12 02:42:15 (4 months ago)	2026-02-12T03:42:11.629215+01:00 machodeer kernel: [45152.239828] [UFW BLOCK] IN=ens3 OUT= MAC=REDAC ... show more 2026-02-12T03:42:11.629215+01:00 machodeer kernel: [45152.239828] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.81.159.7 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=24125 DF PROTO=TCP SPT=41963 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-02-12T03:42:12.652475+01:00 machodeer kernel: [45153.263832] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.81.159.7 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=24126 DF PROTO=TCP SPT=41963 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-02-12T03:42:14.609228+01:00 machodeer kernel: [45155.221167] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.81.159.7 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=7784 DF PROTO=TCP SPT=41960 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇺🇸 quicksand	2025-12-15 21:28:32 (6 months ago)	Scraping user agent [GET /] [Python/3.9 aiohttp/3.10.6]	Bad Web Bot Web App Attack
Anonymous	2025-09-29 02:38:22 (8 months ago)	Excessive crawling/scraping	Hacking Brute-Force
Anonymous	2025-09-19 20:15:03 (8 months ago)	Excessive crawling/scraping	Hacking Brute-Force

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 194.5.82.98

🇺🇸 152.32.151.121

🇺🇸 98.249.33.7

🇷🇴 80.94.92.186

🇨🇳 58.49.26.202

🇹🇿 41.93.28.9

🇧🇷 20.226.32.175

🇺🇸 18.116.101.220

🇺🇸 104.234.53.73

🇺🇸 98.234.71.109

🇺🇸 91.230.168.208

🇹🇼 61.220.235.10

🇰🇷 59.24.133.197

🇹🇼 198.235.24.114

🇺🇸 166.145.160.128

🇮🇹 151.37.192.44

🇨🇳 121.196.230.64

🇨🇳 120.239.28.192

🇺🇸 104.234.53.70

🇷🇴 80.94.92.182