AbuseIPDB » 20.121.191.177

20.121.191.177 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 76%: ?

76%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 20.121.191.177

Whois 20.121.191.177

IP Abuse Reports for 20.121.191.177:

This IP address has been reported a total of 48 times from 35 distinct sources. 20.121.191.177 was first reported on June 4th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
mawan	2025-06-30 16:31:26 (2 weeks ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
MarkGGN	2025-06-29 15:51:41 (2 weeks ago)	Webexploits. 20.121.191.177 - - [29/Jun/2025:17:50:14 +0200] "GET /config.php HTTP/2.0" 404 16 "-" " ... show moreWebexploits. 20.121.191.177 - - [29/Jun/2025:17:50:14 +0200] "GET /config.php HTTP/2.0" 404 16 "-" "curl/8.5.0" 20.121.191.177 - - [29/Jun/2025:17:51:40 +0200] "GET /backup.zip HTTP/2.0" 404 146 "-" "curl/8.5.0" show less	Brute-Force Bad Web Bot Web App Attack
cmbplf	2025-06-29 02:24:02 (2 weeks ago)	109 requests with url.path *phpinfo.php	Brute-Force Bad Web Bot
ddw	2025-06-28 11:13:38 (2 weeks ago)	ModSecurity detection - Rules: 930130(Restricted File Access Attempt)	Web App Attack
iNetWorker	2025-06-28 01:22:13 (2 weeks ago)	trolling for resource vulnerabilities	Web App Attack
Anonymous	2025-06-25 16:30:22 (2 weeks ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
BlueWire Hosting	2025-06-25 04:10:10 (2 weeks ago)	Scanning for Laravel vulnerabilities	Web App Attack
BlueWire Hosting	2025-06-23 20:10:25 (3 weeks ago)	Probing for application vulnerabilities	Brute-Force Web App Attack
Anonymous	2025-06-23 18:42:33 (3 weeks ago)	Bot / scanning and/or hacking attempts: GET / HTTP/2.0, [1/1] done, GET /phpinfo.php HTTP/1.1	Hacking Web App Attack
Kreapptivo	2025-06-23 18:10:46 (3 weeks ago)	20.121.191.177 - - [23/Jun/2025:20:10:42 +0200] "GET /.git/config HTTP/2.0" 404 1713 "-" "curl/8.5.0 ... show more20.121.191.177 - - [23/Jun/2025:20:10:42 +0200] "GET /.git/config HTTP/2.0" 404 1713 "-" "curl/8.5.0" show less	Bad Web Bot Web App Attack
masterguru	2025-06-23 16:42:56 (3 weeks ago)	Restricted File Access Attempt. Matched phrase "/.env" at REQUEST_FILENAME. (930130-122)	Hacking Web App Attack
kosada.com	2025-06-22 22:29:09 (3 weeks ago)	Web vulnerability probing	Web App Attack
TPI-Abuse	2025-06-22 18:46:17 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.121.191.177 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 20.121.191.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 22 14:46:13.495913 2025] [security2:error] [pid 1559531:tid 1559531] [client 20.121.191.177:33010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.testrong.com"] [uri "/web.config"] [unique_id "aFhPdTmrBaafYAGFuTMBEAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
backslash	2025-06-22 16:55:03 (3 weeks ago)	block ruleset bad bot: misc bad content F608233CC4C86EE814CE8DDDA9C4A0D3C79882F6	Bad Web Bot
TPI-Abuse	2025-06-22 06:40:53 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 20.121.191.177 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210730) triggered by 20.121.191.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 22 02:40:46.358932 2025] [security2:error] [pid 1507867:tid 1507867] [client 20.121.191.177:45888] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|backstore.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "backstore.com"] [uri "/dump.sql"] [unique_id "aFelbum_IqGo106vUF4a8gAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 48 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

101.68.126.138

47.239.3.25

223.113.128.132

103.130.219.128

2a06:4882:7000::8a

45.129.86.64

200.46.125.168

175.203.32.197

8.138.0.113

111.18.171.227

190.185.188.67

92.118.39.71

193.163.125.196

101.126.67.255

176.65.150.55

198.235.24.167

128.199.70.247

223.240.125.122

180.241.181.142

80.94.95.229