JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.172.37.230

20.172.37.230 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.172.37.230

Whois 20.172.37.230

IP Abuse Reports for 20.172.37.230:

This IP address has been reported a total of 29 times from 24 distinct sources. 20.172.37.230 was first reported on May 24th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RAP	2026-06-06 13:52:51 (2 hours ago)	2026-06-06 13:52:51 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇺🇸 MPL	2026-06-06 12:43:12 (3 hours ago)	tcp port scan (16 or more attempts)	Port Scan
🇩🇪 Richie	2026-06-06 11:58:00 (4 hours ago)	[HOST1] Port Scan detected	Port Scan
🇨🇭 TheCoon	2026-06-05 14:30:01 (1 day ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇧🇪 boxed-it	2026-06-03 06:25:14 (3 days ago)	GET /.git/HEAD (Tarpitted for , wasted 120B)	Web App Attack
🇺🇸 Mainpine	2026-06-03 04:19:43 (3 days ago)	probing for vulnerable web apps	Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-03 04:11:37 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-1)	Hacking Bad Web Bot
🇺🇸 NXTwoThou	2026-06-03 04:08:27 (3 days ago)	/___proxy_subdomain_whm/login/%3Flogin_only=1	Web App Attack
🇦🇺 2000cn.com.au	2026-06-03 03:56:52 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 natdem.org	2026-06-03 03:52:46 (3 days ago)	Web: .env file probe, Git repository probe, WordPress config probe	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-03 03:25:57 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:25:55.825097 2026] [security2:error] [pid 1029901:tid 1029901] [client 20.172.37.230:5019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "74.117.112.231"] [uri "/.git/HEAD"] [unique_id "ah-ew_TPMwkoS-uJpUtscQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Blinker73	2026-06-03 03:22:35 (3 days ago)	2026-06-02T23:22 kernel: OUT= SRC=20.172.37.230 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=49382 DF P ... show more 2026-06-02T23:22 kernel: OUT= SRC=20.172.37.230 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=49382 DF PROTO=TCP SPT=5017 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-02T23:22 kernel: OUT= SRC=20.172.37.230 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=50355 DF PROTO=TCP SPT=5004 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-02T23:22 kernel: OUT= SRC=20.172.37.230 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=23120 DF PROTO=TCP SPT=4998 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP= show less	Port Scan
🇩🇪 Yachiyo Runami	2026-06-03 03:08:30 (3 days ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 36-4 ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 36-43 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-03T03:08:30Z show less	Port Scan Hacking
🇩🇪 _ArminS_	2026-06-03 03:04:51 (3 days ago)	WEB-Scan 4940:80 detected 2026.06.03 05:04:51 blocked until 2026.07.22 22:07:38	Port Scan

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.94.206.205

🇷🇺 172.69.50.239

🇨🇳 116.205.116.126

🇺🇸 66.132.195.64

🇦🇷 64.145.79.75

🇸🇬 47.128.18.135

🇯🇵 47.74.22.38

🇳🇱 45.198.224.141

🇲🇽 189.203.163.10

🇧🇷 177.200.41.104

🇮🇹 151.47.73.236

🇻🇳 118.70.182.193

🇮🇪 98.71.8.129

🇭🇰 65.181.88.245

🇳🇱 45.142.193.8

🇻🇳 14.225.217.138

🇧🇩 2a09:bac1:b40:518::4d5:5

🇺🇸 172.172.196.177

🇻🇳 152.32.250.188

🇺🇸 20.127.185.37