JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.25.151.118

20.25.151.118 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.25.151.118

Whois 20.25.151.118

IP Abuse Reports for 20.25.151.118:

This IP address has been reported a total of 41 times from 32 distinct sources. 20.25.151.118 was first reported on April 3rd 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (11 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 ITSNF	2026-06-03 09:50:02 (1 day ago)	Blocked by OPNsense firewall; 3 hits, proto=tcp, ports=2083,2086,80	Port Scan Hacking
🇺🇸 xmission.com	2026-06-03 09:49:42 (1 day ago)	Blocked by UFW (TCP on 2087) Source port: 21201 TTL: 51 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 21201 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 20.25.151.118) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇹🇷 Threat.live	2026-06-03 09:15:02 (1 day ago)	Suspicious Connection Attempts	Brute-Force
🇮🇩 Konaa	2026-06-03 09:13:10 (1 day ago)	Jun 03 16:12:40 rapi wings[1730548]: 2026/06/03 16:12:40 http: TLS handshake error from 20.25.151.11 ... show more Jun 03 16:12:40 rapi wings[1730548]: 2026/06/03 16:12:40 http: TLS handshake error from 20.25.151.118:19991: EOF Jun 03 16:12:43 rapi wings[1730548]: 2026/06/03 16:12:43 http: TLS handshake error from 20.25.151.118:20020: EOF Jun 03 16:12:50 rapi wings[1730548]: 2026/06/03 16:12:50 http: TLS handshake error from 20.25.151.118:19992: EOF Jun 03 16:12:50 rapi wings[1730548]: 2026/06/03 16:12:50 http: TLS handshake error from 20.25.151.118:19977: EOF Jun 03 16:12:52 rapi wings[1730548]: 2026/06/03 16:12:52 http: TLS handshake error from 20.25.151.118:19976: EOF show less	Brute-Force Port Scan
🇬🇧 Andrew	2026-06-03 07:06:38 (1 day ago)	Blocked by UFW (TCP on port 80). Source port: 21142 TTL: 39 Packet length: 60 TOS: 0x00 This report ... show more Blocked by UFW (TCP on port 80). Source port: 21142 TTL: 39 Packet length: 60 TOS: 0x00 This report (for 20.25.151.118) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 RAP	2026-06-03 05:20:05 (1 day ago)	2026-06-03 05:20:05 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇳🇱 Yachiyo Runami	2026-06-03 04:09:11 (1 day ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 46 \| ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 46 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-03T04:09:11Z show less	Port Scan Hacking
🇹🇼 tyetriiix	2026-06-03 04:00:33 (1 day ago)	Wazuh Alert Evidence: 20.25.151.118 - - [03/Jun/2026:04:00:31 +0000] "GET /wp-config.php.bak HTTP/1. ... show more Wazuh Alert Evidence: 20.25.151.118 - - [03/Jun/2026:04:00:31 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "-" Origin: "-" CORS_Header: "-" Sent_allow_origin: "-" show less	Web App Attack
🇸🇰 EVISION	2026-06-03 03:57:17 (1 day ago)	Automatic report from EV firewall log. https://github.com/Ragnarocek/Windows_FW_AbuseIPDB_Reporti ... show more Automatic report from EV firewall log. https://github.com/Ragnarocek/Windows_FW_AbuseIPDB_Reporting ID: kvQlZMwhIYqFjDJpFbJDlGicoJpWzuOR show less	Port Scan Hacking Brute-Force
🇫🇷 sthoyer.de	2026-06-03 03:43:18 (1 day ago)	Jun 3 05:43:16 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd: ... show more Jun 3 05:43:16 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.25.151.118 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28654 DF PROTO=TCP SPT=10262 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 3 05:43:16 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.25.151.118 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7149 DF PROTO=TCP SPT=10244 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 3 05:43:16 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.25.151.118 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25147 DF PROTO=TCP SPT=10260 DPT=2083 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 3 05:43:16 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=20.25.151.118 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24167 DF PROTO=TCP SPT=10243 DPT=2086 WINDOW= ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 03:30:52 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:30:46.010445 2026] [security2:error] [pid 25644:tid 25644] [client 20.25.151.118:50902] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.192"] [uri "/.env"] [unique_id "ah-f5jcGOs29i9kvLVqKdAAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 02:24:55 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:24:49.721266 2026] [security2:error] [pid 29881:tid 29881] [client 20.25.151.118:50319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.200"] [uri "/.git/HEAD"] [unique_id "ah-QcfLVYs8cvhrLaVkasgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 01:33:56 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.25.151.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:33:51.520095 2026] [security2:error] [pid 23413:tid 23413] [client 20.25.151.118:50890] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.55"] [uri "/.git/config"] [unique_id "ah-Efzu3vj6K7RksQuRLmwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-03 01:09:35 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.76.57.208

🇭🇰 119.246.15.94

🇳🇱 45.142.193.33

🇨🇳 118.196.116.42

🇮🇩 103.41.247.76

🇸🇬 68.183.236.1

🇮🇪 51.37.119.146

🇲🇾 47.250.47.28

🇧🇾 178.120.11.156

🇫🇮 147.185.133.245

🇫🇮 147.185.133.5

🇵🇭 112.198.130.112

🇸🇬 103.250.11.63

🇭🇰 103.115.56.3

🇮🇳 103.89.136.111

🇩🇪 91.204.46.235

🇬🇧 81.19.219.208

🇺🇸 66.117.5.71

🇳🇱 45.148.10.141

🇬🇧 45.82.76.129