JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.83.158.33

20.83.158.33 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 59%: ?

59%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.83.158.33

Whois 20.83.158.33

IP Abuse Reports for 20.83.158.33:

This IP address has been reported a total of 22 times from 15 distinct sources. 20.83.158.33 was first reported on April 9th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mashamal	2026-06-15 01:59:52 (2 days ago)	Vulnerability Probe ...	Web App Attack
Anonymous	2026-06-15 01:41:27 (2 days ago)	[Sun Jun 14 18:41:22.890139 2026] [authz_core:error] [pid 1707655] [client 20.83.158.33:17337] AH016 ... show more [Sun Jun 14 18:41:22.890139 2026] [authz_core:error] [pid 1707655] [client 20.83.158.33:17337] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Sun Jun 14 18:41:24.098122 2026] [authz_core:error] [pid 1713516] [client 20.83.158.33:17013] AH01630: client denied by server configuration: /home/appowner/www/sec/.git [Sun Jun 14 18:41:25.059736 2026] [authz_core:error] [pid 1707680] [client 20.83.158.33:17509] AH01630: client denied by server configuration: /home/appowner/www/sec/.env [Sun Jun 14 18:41:26.082644 2026] [authz_core:error] [pid 1708197] [client 20.83.158.33:17339] AH01630: client denied by server configuration: /home/appowner/www/sec/.env.local [Sun Jun 14 18:41:26.910268 2026] [authz_core:error] [pid 1708198] [client 20.83.158.33:17305] AH01630: client denied by server configuration: /home/appowner/www/sec/.env.production ... show less	Brute-Force SSH
🇷🇸 Scan	2026-06-15 00:39:08 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 Axel	2026-06-14 23:29:21 (2 days ago)	Blocked by UFW on MVI [2096/tcp] \| SPT: 16967 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2096/tcp] \| SPT: 16967 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇹🇭 Sawasdee	2026-06-14 23:17:45 (2 days ago)	Port Scan ...	Port Scan
🇺🇸 kosada.com	2026-06-14 22:56:52 (2 days ago)	Web vulnerability probing: /.env.backup (bogus vhost/SNI)	Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 00:13:30 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 20:13:23.208219 2026] [security2:error] [pid 8764:tid 8764] [client 20.83.158.33:25914] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cdsolutions.help"] [uri "/.env"] [unique_id "ag5OIxkqSrtMU7peUMB5DQAAAAQ"], referer: https://mail.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 [email protected]	2026-05-20 22:57:39 (3 weeks ago)	[Thu May 21 00:57:39.093193 2026] [authz_core:error] [pid 3825780:tid 3825853] [remote 20.83.158.33: ... show more [Thu May 21 00:57:39.093193 2026] [authz_core:error] [pid 3825780:tid 3825853] [remote 20.83.158.33:25415] AH01630: client denied by server configuration: /var/www/html/MyWeb/Intoino/.env show less	Bad Web Bot Web App Attack
Anonymous	2026-05-20 22:52:43 (3 weeks ago)	(PERMBLOCK) 20.83.158.33 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs ... show more (PERMBLOCK) 20.83.158.33 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
🇳🇱 ipoac.nl	2026-05-20 21:51:54 (3 weeks ago)	-:443 20.83.158.33 - - [20/May/2026:23:51:53 +0200] - "GET /.git/config HTTP/2.0" 404 2019 "https:// ... show more -:443 20.83.158.33 - - [20/May/2026:23:51:53 +0200] - "GET /.git/config HTTP/2.0" 404 2019 "https://www.reddit.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" show less	Bad Web Bot
Anonymous	2026-05-20 21:51:51 (3 weeks ago)	(caddyscan) Scanner path probe from 20.83.158.33 (US/United States/-): 5 in the last 3600 secs; Port ... show more (caddyscan) Scanner path probe from 20.83.158.33 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:21:51:47 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:21:51:47 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:21:51:47 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:21:51:47 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:21:51:48 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇧🇪 cmbplf	2026-05-20 21:49:00 (3 weeks ago)	100 requests with url.path /@fs/	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-20 21:23:13 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 17:23:05.575496 2026] [security2:error] [pid 3305:tid 3305] [client 20.83.158.33:26211] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toppress.ca"] [uri "/.env"] [unique_id "ag4mOb8t8J-NFOi0J_ivbwAAACg"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-20 20:50:20 (3 weeks ago)	(caddyscan) Scanner path probe from 20.83.158.33 (US/United States/-): 5 in the last 3600 secs; Port ... show more (caddyscan) Scanner path probe from 20.83.158.33 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:20:02:24 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:20:50:17 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:20:50:17 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:20:50:18 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 20.83.158.33 - - [20/May/2026:20:50:18 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-20 20:23:07 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.83.158.33 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 16:23:00.035340 2026] [security2:error] [pid 30963:tid 30963] [client 20.83.158.33:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ard.global"] [uri "/.env"] [unique_id "ag4YJGrZcd_SdUPFitig_wAAAAU"], referer: https://claude.ai/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.233.51.43

🇩🇪 213.209.159.231

🇻🇪 206.62.165.163

🇫🇷 185.177.72.100

🇺🇸 66.132.186.222

🇧🇪 2a00:1450:400c:c08::124

🇺🇸 216.25.89.126

🇯🇵 212.32.76.64

🇬🇧 193.32.209.234

🇺🇸 174.35.25.179

🇺🇸 162.216.150.205

🇮🇳 135.235.140.101

🇻🇳 117.1.48.236

🇰🇷 112.151.178.49

🇬🇧 89.37.172.154

🇩🇪 69.5.169.160

🇺🇸 38.59.242.211

🇧🇪 198.235.24.197

🇧🇪 198.235.24.147

🇧🇪 198.235.24.138