🇹🇭
Sawasdee
2026-06-28 09:39:05
(57 minutes ago)
Unwanted checking 80 or 443 port
...
Bad Web Bot
Anonymous
2026-06-28 07:57:45
(2 hours ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
🇺🇸
TPI-Abuse
2026-06-28 07:46:00
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 20.125.176.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:45:54.546621 2026] [security2:error] [pid 8427:tid 8427] [client 20.125.176.181:35289] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.223"] [uri "/.git/HEAD"] [unique_id "akDRMi9HywPj99SRhBU_QQAAACg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
cwytech
2026-06-28 07:31:39
(3 hours ago)
Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/pf-geofence-high.
Hacking
🇳🇱
SysAdmin Dylan
2026-06-28 06:36:20
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 20.125.176.181 (US/United States/-): 10 in the last 3600 secs
Brute-Force
🇬🇧
gws-hostmaster
2026-06-28 06:22:19
(4 hours ago)
ModSecurity OWASP CRS (Anomaly Score: 13): Host header is a numeric IP address;Restricted File Access Attempt;URL file extension is restricted by policy;
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 05:22:48
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 20.125.176.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:22:43.802545 2026] [security2:error] [pid 6627:tid 6627] [client 20.125.176.181:34953] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.103"] [uri "/.git/HEAD"] [unique_id "akCvo9Cebk6mv9NKp6PwAwAAAEo"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
Flo Flo
2026-06-15 05:04:17
(1 week ago)
20.125.176.181 - - - [15/Jun/2026:07:04:16 +0200] "82.66.117.16" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 0.000
...
Web App Attack
🇺🇸
markawes
2026-06-15 03:19:28
(1 week ago)
[markis] Auto banned by Fail2Ban. Reason: Malicious web scan / attempted access to sensitive paths. Evidence:
20.125.176.181 - - [15/Jun/2026:04:19:21 +0100] "GET /.env HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36"
20.125.176.181 - - [15/Jun/2026:04:19:23 +0100] "GET /.env.backup HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
20.125.176.181 - - [15/Jun/2026:04:19:26 +0100] "GET /wp-config.php.bak HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
Port Scan
Hacking
Web App Attack
🇩🇪
dispaisyenterprises
2026-06-15 02:39:48
(1 week ago)
Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2096 [1], 2095 [1], 2078 [1], 2083 [1], 2087 [1] TCP
Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB
Port Scan
🇦🇹
centurion
2026-06-15 02:23:05
(1 week ago)
Unauthorized attempt on siem [2082/tcp]
Source port: 12499
TTL: 42
Packet length: 60
TOS: 0x00
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇷🇸
Scan
2026-06-15 00:47:25
(1 week ago)
MultiHost/MultiPort Probe, Scan, Hack -
Port Scan
Hacking
🇺🇸
Axel
2026-06-15 00:23:23
(1 week ago)
Blocked by UFW on MVI [2082/tcp] | SPT: 12417 | TTL: 47 | LEN: 60 | TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇺🇸
4ensic
2026-05-25 11:37:12
(1 month ago)
May 25 06:34:21 racknerd-a34c87 sshd[478019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
May 25 06:34:42 racknerd-a34c87 sshd[478030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
May 25 06:35:03 racknerd-a34c87 sshd[478037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
May 25 06:36:43 racknerd-a34c87 sshd[478064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
May 25 06:36:46 racknerd-a34c87 sshd[478066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
May 25 06:37:11 racknerd-a34c87 sshd[478093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
...
Brute-Force
SSH
🇳🇱
ArtVitU
2026-05-25 11:36:51
(1 month ago)
2026-05-25T11:35:01.523751+00:00 vultr sshd[230224]: Failed password for root from 20.125.176.181 port 12329 ssh2
2026-05-25T11:36:21.421171+00:00 vultr sshd[231409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
2026-05-25T11:36:23.237371+00:00 vultr sshd[231409]: Failed password for root from 20.125.176.181 port 12329 ssh2
2026-05-25T11:36:47.585951+00:00 vultr sshd[231766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.125.176.181 user=root
2026-05-25T11:36:49.974210+00:00 vultr sshd[231766]: Failed password for root from 20.125.176.181 port 12329 ssh2
...
Brute-Force
SSH