JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.125.96.154

20.125.96.154 was found in our database!

This IP was reported 111 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.125.96.154

Whois 20.125.96.154

IP Abuse Reports for 20.125.96.154:

This IP address has been reported a total of 111 times from 98 distinct sources. 20.125.96.154 was first reported on June 9th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-13 03:46:10 (6 days ago)		Bad Web Bot
🇫🇷 andreighitan	2026-06-12 11:17:29 (1 week ago)	Coordinated attack against 84.46.253.134. Webshell scanning, PHPUnit RCE, credential harvesting, PHP ... show more Coordinated attack against 84.46.253.134. Webshell scanning, PHPUnit RCE, credential harvesting, PHP vuln scanning. Active June 7-11 2026. ZAC Bayern ref BY0257-500359-26/8. show less	Web App Attack Brute-Force
Anonymous	2026-06-12 03:46:09 (1 week ago)		Bad Web Bot
Anonymous	2026-06-11 03:46:07 (1 week ago)		Bad Web Bot
🇧🇪 taivas.nl	2026-06-10 04:32:44 (1 week ago)	Many_bad_calls	Web App Attack
Anonymous	2026-06-10 02:05:03 (1 week ago)	PHP file probing detected by Fail2Ban	Web App Attack
🇩🇪 iNetWorker	2026-06-10 00:55:47 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇳🇱 DrLex0	2026-06-10 00:48:10 (1 week ago)	The eternal WordPress and/or random PHP poking from Azure ranges, MS is either incapable of stopping ... show more The eternal WordPress and/or random PHP poking from Azure ranges, MS is either incapable of stopping this or willingly allows it. 20.125.96.154 80 - [10/Jun/2026:00:48:09 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 2383 "-" "-" 20.125.96.154 80 - [10/Jun/2026:00:48:10 +0000] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 2383 "-" "-" show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 dzpk	2026-06-10 00:41:58 (1 week ago)	20.125.96.154 - - [10/Jun/2026:02:41:58 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.125.96.154 - - [10/Jun/2026:02:41:58 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 261 "-" "-" show less	Bad Web Bot Web App Attack
🇫🇷 phoenix1jl96	2026-06-10 00:41:05 (1 week ago)	2026/06/10 02:40:29 [error] 53582#53582: 6259 open() "/home/user-data/www/default/cgi-bin/index.php ... show more 2026/06/10 02:40:29 [error] 53582#53582: 6259 open() "/home/user-data/www/default/cgi-bin/index.php" failed (2: No such file or directory), client: 20.125.96.154, server: autodiscover.aqteeve.net, request: "GET //cgi-bin/index.php HTTP/1.1", host: "autodiscover.aqteeve.net" 2026/06/10 02:40:33 [error] 53582#53582: *6267 open() "/home/user-data/www/default/cgi-bin/admin.php" failed (2: No such file or directory), client: 20.125.96.154, server: autodiscover.aqteeve.net, request: "GET //cgi-bin/admin.php HTTP/1.1", host: "autodiscover.aqteeve.net" ... show less	DNS Compromise DNS Poisoning DDoS Attack Ping of Death Web Spam Email Spam Blog Spam Port Scan Hacking Brute-Force Bad Web Bot SSH Web App Attack
🇫🇷 ✨	2026-06-10 00:31:16 (1 week ago)	Domain : oratorishop.it Rule : hack 2026-06-10 00:29:00 *hidden-privacy* GET /admin.php - 80 - 2 ... show more Domain : oratorishop.it Rule : hack 2026-06-10 00:29:00 *hidden-privacy* GET /admin.php - 80 - 20.125.96.154 HTTP/1.1 - - oratorishop.it 301 0 0 390 50 218 - - show less	Hacking SQL Injection Brute-Force
🇩🇪 joharikop	2026-06-10 00:24:00 (1 week ago)	Nginx: WordPress/CMS probe (wp-admin, wp-login, xmlrpc). Automated ban via fail2ban nginx-cms-probes ... show more Nginx: WordPress/CMS probe (wp-admin, wp-login, xmlrpc). Automated ban via fail2ban nginx-cms-probes jail. show less	Web App Attack
🇺🇸 mnsf	2026-06-10 00:09:57 (1 week ago)	Too many Status 40X (62) Request Overload (125)	Brute-Force Web App Attack
Anonymous	2026-06-10 00:08:32 (1 week ago)	(caddyscan) Scanner path probe from 20.125.96.154 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 20.125.96.154 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.125.96.154 - - [10/Jun/2026:00:08:30 +0000] "GET /wp-admin/js/ HTTP/1.1" [REDACTED] 200 2627 20.125.96.154 - - [10/Jun/2026:00:08:30 +0000] "GET /wp-admin/css/colour.php HTTP/1.1" [REDACTED] 200 2627 20.125.96.154 - - [10/Jun/2026:00:08:30 +0000] "GET /wordpress/wp-admin/maint/ HTTP/1.1" [REDACTED] 200 2627 20.125.96.154 - - [10/Jun/2026:00:08:31 +0000] "GET /wp-admin/css/ HTTP/1.1" [REDACTED] 200 2627 20.125.96.154 - - [10/Jun/2026:00:08:31 +0000] "GET /wp-admin/css/colors/modern/ HTTP/1.1" show less	Port Scan
Anonymous	2026-06-10 00:01:59 (1 week ago)	20.125.96.154 - - [10/Jun/2026:02:01:40 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.125.96.154 - - [10/Jun/2026:02:01:40 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:40 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:40 +0200] "GET /x.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /wp-star.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /shll.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /sukce.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /xb.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /biufile.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /Charles.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:41 +0200] "GET /wpconf.php HTTP/1.1" 404 491 "-" "-" 20.125.96.154 - - [10/Jun/2026:02:01:42 +0200] "GET ... show less	DDoS Attack

Showing 1 to 15 of 111 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.176

🇳🇱 45.148.10.141

🇺🇸 34.11.74.53

🇺🇸 20.102.98.235

🇺🇸 17.22.253.66

🇧🇷 152.243.111.175

🇮🇳 111.125.240.1

🇧🇬 78.128.114.22

🇺🇸 65.49.1.142

🇳🇬 41.242.115.83

🇺🇸 2602:fa59:10:acd::1

🇧🇷 187.120.73.217

🇨🇱 186.105.232.84

🇨🇳 183.191.225.174

🇺🇸 147.185.132.112

🇳🇱 91.92.40.52

🇧🇷 45.186.158.172

🇸🇬 8.219.111.165

🇮🇩 2406:da19:776:6e00:d09:8087:2062:1876

🇭🇰 199.45.154.129