JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.14.76.131

20.14.76.131 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 45%: ?

45%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.14.76.131

Whois 20.14.76.131

IP Abuse Reports for 20.14.76.131:

This IP address has been reported a total of 28 times from 21 distinct sources. 20.14.76.131 was first reported on November 10th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RAP	2026-06-07 19:51:32 (1 week ago)	2026-06-07 19:51:32 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇳🇱 Selckie	2026-06-07 19:04:24 (1 week ago)	fail2ban: NGINX unusual impact	Web App Attack
🇩🇪 Teufel100	2026-06-07 18:17:14 (1 week ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
🇺🇸 theblocker	2026-06-07 17:02:29 (1 week ago)	Hacking Attempts	Brute-Force Hacking
🇺🇸 mashamal	2026-06-07 15:53:47 (1 week ago)	Vulnerability Probe ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 15:22:08 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.14.76.131 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.14.76.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:22:00.213493 2026] [security2:error] [pid 11305:tid 11305] [client 20.14.76.131:27991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.202"] [uri "/.git/HEAD"] [unique_id "aiWMmLYayBfXw_BwALR2JwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 15:05:45 (1 week ago)	Fail2Ban Log Report 20.14.76.131 - [07/Jun/2026:17:05:43 +0200] "GET /.git/config HTTP/1.1" 301 162 ... show more Fail2Ban Log Report 20.14.76.131 - [07/Jun/2026:17:05:43 +0200] "GET /.git/config HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" "-" "-" ... show less	Hacking SQL Injection Web App Attack
🇧🇾 lns.bz	2026-06-07 15:02:48 (1 week ago)	Too many 404 requests [BY]	Web App Attack
🇩🇪 ValtonTahiri	2026-06-07 13:48:46 (1 week ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=20.14.76.131; proto=TCP; source_port=16521; target_port=9848; flags=SYN show less	Port Scan
🇯🇵 demonsword	2026-04-27 16:59:41 (1 month ago)	HTTP proxy scanner (CONNECT / open proxy probe)	Port Scan
🇳🇱 homeshowdomain.nl	2026-04-12 22:03:00 (2 months ago)	Auto-ban: >3000 req/min op 2026-04-12	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-04-12 18:42:36 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 20.14.76.131 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.14.76.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 14:42:30.609879 2026] [security2:error] [pid 2591438:tid 2591438] [client 20.14.76.131:16716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scandicakes.com.i-spose.com"] [uri "/.git/config"] [unique_id "advnliG53SD6qY_tKbbqxAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-04-12 16:25:07 (2 months ago)		Web App Attack
🇺🇸 interbiznw.com	2026-04-12 16:19:32 (2 months ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 webanyone	2026-04-12 16:16:47 (2 months ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 201.221.178.79

🇺🇸 165.154.255.63

🇧🇷 102.211.152.138

🇬🇧 89.37.172.131

🇳🇱 78.142.18.172

🇺🇸 69.143.145.249

🇳🇱 45.148.10.141

🇺🇸 34.122.40.94

🇨🇱 186.189.112.20

🇨🇳 111.26.67.36

🇺🇸 107.174.125.134

🇱🇹 81.30.98.158

🇺🇸 74.249.185.108

🇺🇸 69.127.208.235

🇺🇸 23.234.97.198

🇺🇸 2a04:c300:400::1cb

🇩🇪 212.30.36.228

🇨🇱 191.112.129.150

🇮🇶 169.224.116.139

🇩🇿 154.254.241.200