JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.125.176.185

20.125.176.185 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 78%: ?

78%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.125.176.185

Whois 20.125.176.185

IP Abuse Reports for 20.125.176.185:

This IP address has been reported a total of 32 times from 23 distinct sources. 20.125.176.185 was first reported on May 21st 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 Per-Erik Runebert	2026-06-17 08:39:23 (1 week ago)	Excessive unauthorized requests	Hacking
Anonymous	2026-06-17 02:27:20 (1 week ago)	Portscan: TCP/2078, TCP/2086, TCP/2096, TCP/2083, TCP/2087, TCP/2095, TCP/80, TCP/2082, TCP/443, TCP ... show more Portscan: TCP/2078, TCP/2086, TCP/2096, TCP/2083, TCP/2087, TCP/2095, TCP/80, TCP/2082, TCP/443, TCP/2077 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-16 14:31:52 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:31:48.852311 2026] [security2:error] [pid 29287:tid 29287] [client 20.125.176.185:24985] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.57"] [uri "/.git/config"] [unique_id "ajFeVO5iTTEZ4fmbu-ybxQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-16 14:06:29 (1 week ago)	Blocked by UFW (TCP on 2078) Source port: 25128 TTL: 50 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2078) Source port: 25128 TTL: 50 Packet length: 60 TOS: 0x00 This report (for 20.125.176.185) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 Axel	2026-06-16 11:31:59 (1 week ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 25573 \| TTL: 46 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 25573 \| TTL: 46 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 MPL	2026-06-03 08:29:09 (3 weeks ago)	tcp port scan (16 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 08:07:28 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:07:25.032135 2026] [security2:error] [pid 8721:tid 8721] [client 20.125.176.185:22670] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.90"] [uri "/.env"] [unique_id "ah_gvQCIN0Br4WgbEpSdkQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 07:21:31 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.125.176.185 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:21:28.139561 2026] [security2:error] [pid 27911:tid 27911] [client 20.125.176.185:23393] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.244"] [uri "/.git/HEAD"] [unique_id "ah_V-DBsWIkuNde3leNcbQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇷 Bruno	2026-06-03 06:28:31 (3 weeks ago)	Port Scanner: 20.125.176.185	Port Scan
🇹🇼 kk_it_man	2026-06-03 06:10:12 (3 weeks ago)		Port Scan
🇬🇧 PeravixGroup	2026-06-03 05:55:45 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 gu-alvareza	2026-06-02 07:05:43 (3 weeks ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇺🇸 SSP	2026-06-02 06:20:02 (3 weeks ago)	Automatic report from iptables firewall - detected malicious activity	DDoS Attack Brute-Force SSH Web App Attack Port Scan Hacking
🇺🇸 MPL	2026-06-02 06:04:20 (3 weeks ago)	tcp port scan (16 or more attempts)	Port Scan
🇳🇱 Savvii	2026-06-02 05:46:01 (3 weeks ago)	15 attempts against mh-modsecurity-ban on staging2	Brute-Force Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.108

🇵🇱 87.251.64.176

🇹🇷 194.116.236.41

🇺🇸 192.241.139.24

🇵🇰 182.181.202.44

🇫🇮 178.20.210.208

🇰🇷 112.217.188.122

🇨🇦 109.176.54.27

🇺🇦 91.239.232.40

🇫🇷 85.217.140.27

🇺🇿 84.54.73.24

🇺🇸 69.163.185.233

🇶🇦 34.153.64.19

🇬🇧 188.240.59.27

🇲🇽 187.191.48.4

🇺🇸 109.105.209.20

🇺🇸 71.6.199.65

🇩🇪 64.89.163.173

🇱🇹 45.227.254.170

🇺🇸 34.150.195.145