JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.125.176.176

20.125.176.176 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 78%: ?

78%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.125.176.176

Whois 20.125.176.176

IP Abuse Reports for 20.125.176.176:

This IP address has been reported a total of 25 times from 23 distinct sources. 20.125.176.176 was first reported on June 2nd 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇪 Selckie	2026-06-15 15:04:24 (5 days ago)	fail2ban: NGINX unusual impact	Web App Attack
🇭🇰 sandra361	2026-06-11 07:08:22 (1 week ago)	Port scan detected: 10 attempts across 10 ports (10000,2077,2078,2083,2095,2096,443,5000,8443,9000). ... show more Port scan detected: 10 attempts across 10 ports (10000,2077,2078,2083,2095,2096,443,5000,8443,9000). \| Evidence: GHOST_SCAN: IN=eth0 SRC=20.125.176.176 LEN=60 TOS=0x14 PREC=0x00 TTL=41 ID=42386 DF PROTO=TCP SPT=46976 DPT=2083 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 Da_tschek	2026-06-03 18:54:58 (2 weeks ago)	Port scanning	Port Scan Hacking
🇺🇸 billfor	2026-06-03 06:51:58 (2 weeks ago)	20.125.176.176 - - [03/Jun/2026:02:51:55 -0400] "GET /.env.production HTTP/1.1" 404 0 "-" "Mozilla/5 ... show more 20.125.176.176 - - [03/Jun/2026:02:51:55 -0400] "GET /.env.production HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" show less	Web App Attack
Anonymous	2026-06-03 06:16:48 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-03 05:56:46 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.125.176.176 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.125.176.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:56:42.234527 2026] [security2:error] [pid 7431:tid 7431] [client 20.125.176.176:33955] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.90"] [uri "/.env.production"] [unique_id "ah_CGuIq3qNGdEDmw4lUrgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:16:09 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.125.176.176 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.125.176.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:16:05.094860 2026] [security2:error] [pid 19010:tid 19010] [client 20.125.176.176:35267] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.32"] [uri "/.env.local"] [unique_id "ah-4lTSz6e98Pu-PwUZEyQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 SeczarSecureOps	2026-06-03 04:22:28 (2 weeks ago)	Seczar SecureOps — Port Scan Detection (7 events) — quarantined 43200m on fgdcapi	Port Scan
🇧🇷 SOC Blue Team	2026-06-02 23:26:07 (2 weeks ago)	IPs get by Hunting on SIEM	Phishing Web Spam Port Scan Hacking
🇹🇷 Threat.live	2026-06-02 22:25:04 (2 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇳🇱 tmiland	2026-06-02 20:00:12 (2 weeks ago)	(nginx_404) Dot directory Honeypot Trap 20.125.176.176 (US/United States/-): 2 in the last 3600 secs ... show more (nginx_404) Dot directory Honeypot Trap 20.125.176.176 (US/United States/-): 2 in the last 3600 secs; IP: 20.125.176.176; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.125.176.176 - - [02/Jun/2026:22:00:04 +0200] "GET /.git/HEAD HTTP/1.1" 404 2992 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 20.125.176.176 - - [02/Jun/2026:22:00:07 +0200] "GET /.git/config HTTP/1.1" 404 2992 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" show less	Brute-Force
Anonymous	2026-06-02 19:37:34 (2 weeks ago)	Drop from IP address 20.125.176.176 to tcp-port 2087	Port Scan
🇬🇧 PeravixGroup	2026-06-02 06:37:39 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 06:22:43 (2 weeks ago)	20.125.176.176 detected on srv01	Port Scan

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.146.41

🇫🇷 161.97.120.146

🇳🇱 134.122.48.159

🇨🇳 123.54.68.91

🇺🇸 100.49.117.77

🇭🇰 42.200.78.166

🇻🇳 14.225.206.187

🇬🇧 198.244.168.106

🇸🇬 194.5.82.143

🇩🇪 172.217.33.212

🇫🇷 159.26.112.58

🇩🇪 151.243.11.35

🇺🇸 138.197.38.141

🇸🇪 80.244.95.82

🇧🇬 79.124.49.174

🇱🇹 62.60.130.241

🇳🇱 45.148.10.152

🇧🇪 34.52.215.235

🇦🇱 31.171.155.134

🇺🇸 20.64.105.167