AbuseIPDB » 20.91.140.130

20.91.140.130 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 71%: ?

71%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	Sweden
City	Gavle, Gavleborg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 20.91.140.130

Whois 20.91.140.130

IP Abuse Reports for 20.91.140.130:

This IP address has been reported a total of 43 times from 17 distinct sources. 20.91.140.130 was first reported on June 20th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
www.Examensfragen.de	2025-07-02 07:32:03 (1 week ago)		Web Spam Bad Web Bot
sc user	2025-06-29 06:45:55 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 20.91.140.130 (SE/Sweden/-)	SQL Injection
archiv-pm	2025-06-29 04:09:07 (1 week ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack
TPI-Abuse	2025-06-28 22:03:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 28 18:03:39.619672 2025] [security2:error] [pid 3856078:tid 3856078] [client 20.91.140.130:35528] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stablechase.com"] [uri "/web.config"] [unique_id "aGBmu5dS9U7q2LKlSrCjeQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
BlueWire Hosting	2025-06-28 20:10:08 (1 week ago)	Scanning for Laravel vulnerabilities	Web App Attack
masterguru	2025-06-28 12:22:09 (1 week ago)	Restricted File Access Attempt. Matched phrase "/.env" at REQUEST_FILENAME. (930130-122)	Hacking Web App Attack
TPI-Abuse	2025-06-28 08:38:48 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 28 04:38:43.745700 2025] [security2:error] [pid 2513214:tid 2513214] [client 20.91.140.130:40530] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.robcohn.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.robcohn.com"] [uri "/db_dump.sql"] [unique_id "aF-qE_POh1kMSaljMkjmqQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-06-28 04:06:06 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 28 00:05:59.741130 2025] [security2:error] [pid 1977416:tid 1977460] [client 20.91.140.130:35998] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|intartists.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intartists.com"] [uri "/danielsrecitalhall.org/index.html/db_dump.sql"] [unique_id "aF9qJ_MkhfnMsbbzZXobFQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Tripwire	2025-06-28 03:53:54 (1 week ago)	Scanning for exploits - /.env.local	Web App Attack
Mangelot Hosting	2025-06-27 14:29:06 (1 week ago)	(bad_user_agent) srv104 Bad User-Agent 20.91.140.130 (SE/Sweden/-): 10 in the last 3600 secs; Ports: ... show more(bad_user_agent) srv104 Bad User-Agent 20.91.140.130 (SE/Sweden/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2025-06-27 07:43:26 (1 week ago)	BIDSODE WEBEXPLOIT 20.91.140.130 (20.91.140.130)	Web App Attack
TPI-Abuse	2025-06-26 12:14:34 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 08:14:30.529984 2025] [security2:error] [pid 1371977:tid 1371977] [client 20.91.140.130:50694] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "travelsupersonic.com"] [uri "/.env"] [unique_id "aF05pltcEgeBrDtYGGs9fAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Mangelot Hosting	2025-06-26 11:17:23 (1 week ago)	(bad_user_agent) srv102 Bad User-Agent 20.91.140.130 (SE/Sweden/-): 10 in the last 3600 secs; Ports: ... show more(bad_user_agent) srv102 Bad User-Agent 20.91.140.130 (SE/Sweden/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2025-06-26 04:05:06 (2 weeks ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
TPI-Abuse	2025-06-26 02:11:10 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 20.91.140.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 25 22:11:05.628486 2025] [security2:error] [pid 1071206:tid 1071206] [client 20.91.140.130:49186] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kraftrentals.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kraftrentals.com"] [uri "/db_dump.sql"] [unique_id "aFysOVMxsoICVTGWWli6mgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

20.171.207.125

35.203.211.223

147.185.132.226

35.243.219.50

191.223.75.89

222.172.32.246

35.203.211.155

135.237.126.163

123.195.61.232

73.246.243.166

103.142.184.54

117.200.7.100

211.75.157.190

18.97.5.48

1.223.181.84

91.196.152.36

198.235.24.126

117.200.36.57

181.56.255.246

59.183.64.223