JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.169.77.166

20.169.77.166 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 76%: ?

76%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.169.77.166

Whois 20.169.77.166

IP Abuse Reports for 20.169.77.166:

This IP address has been reported a total of 31 times from 24 distinct sources. 20.169.77.166 was first reported on April 6th 2026, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mw	2026-06-09 00:21:42 (16 hours ago)	Web App Attack	Web App Attack
🇧🇷 SOC-BR	2026-06-08 07:25:39 (1 day ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-07 1 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-07 12:31:36 - Source Port 58302 show less	Port Scan Hacking
Anonymous	2026-06-08 04:25:19 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 mw	2026-06-08 00:20:33 (1 day ago)	Web App Attack	Web App Attack
🇨🇦 lakered	2026-06-07 20:39:21 (1 day ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan t ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan targeting an unauthorized host or default server sinkhole \| Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Bad Web Bot Hacking Web App Attack
🇺🇸 RAP	2026-06-07 19:18:25 (1 day ago)	2026-06-07 19:18:25 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-06-07 18:40:01 (1 day ago)	Imunify360 WAF block (graylisted)	Web App Attack
🇹🇷 Threat.live	2026-06-07 17:55:03 (1 day ago)	Threat.live: Web Scan	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 17:46:51 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.169.77.166 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.169.77.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:46:45.009800 2026] [security2:error] [pid 20709:tid 20709] [client 20.169.77.166:57652] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.15"] [uri "/.git/HEAD"] [unique_id "aiWuherCNjHOH1_CJQgy0AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Mainpine	2026-06-07 17:37:18 (1 day ago)	probing for vulnerable web apps	Web App Attack
Anonymous	2026-06-07 16:32:33 (1 day ago)	Requested unexistent endpoint (Wordpress login, etc.)	Web App Attack
🇫🇮 Erpelstolz	2026-06-07 16:25:49 (1 day ago)	external host: 20.169.77.166 - - [07/Jun/2026:18:25:48 +0200] "GET /.git/HEAD HTTP/1.1" 403 261 "-" ... show more external host: 20.169.77.166 - - [07/Jun/2026:18:25:48 +0200] "GET /.git/HEAD HTTP/1.1" 403 261 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" CF-Ray:- CF-IP:- show less	Web App Attack
🇦🇺 PetePK	2026-06-07 15:29:03 (2 days ago)	Probed 8 time(s): TCP/8443, TCP/443, TCP/2087, TCP/2082, TCP/8080, TCP/80, TCP/2083, TCP/2086	Port Scan
🇩🇪 2048	2026-05-13 09:03:32 (3 weeks ago)	2026-05-13T11:03:30.056178+02:00 machodeer kernel: [1370926.573130] [UFW BLOCK] IN=ens3 OUT= MAC=RED ... show more 2026-05-13T11:03:30.056178+02:00 machodeer kernel: [1370926.573130] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.169.77.166 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=57134 DF PROTO=TCP SPT=55336 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-05-13T11:03:31.067581+02:00 machodeer kernel: [1370927.584519] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.169.77.166 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=57135 DF PROTO=TCP SPT=55336 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-05-13T11:03:32.057864+02:00 machodeer kernel: [1370928.574838] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.169.77.166 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=57360 DF PROTO=TCP SPT=55337 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇯🇵 demonsword	2026-05-13 04:07:21 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.binance.com:443 show less	Open Proxy Port Scan

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 202.145.0.18

🇺🇸 174.103.171.70

🇸🇬 43.172.194.180

🇨🇳 42.51.25.76

🇺🇸 208.80.248.242

🇳🇱 185.242.226.71

🇳🇱 176.65.139.130

🇩🇪 152.53.22.186

🇺🇸 147.185.132.96

🇮🇳 94.136.188.99

🇨🇦 85.217.149.43

🇱🇹 81.30.98.158

🇫🇷 62.84.186.195

🇬🇧 51.75.161.33

🇮🇩 36.84.28.67

🇺🇸 34.41.37.6

🇰🇷 211.106.133.202

🇵🇱 194.180.49.218

🇵🇱 194.180.49.71

🇬🇧 193.163.125.145