JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.83.174.48

20.83.174.48 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 83%: ?

83%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.83.174.48

Whois 20.83.174.48

IP Abuse Reports for 20.83.174.48:

This IP address has been reported a total of 25 times from 24 distinct sources. 20.83.174.48 was first reported on April 8th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇸 Scan	2026-06-03 01:39:44 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇦🇷 Bruno	2026-06-02 21:56:43 (1 day ago)	Port Scanner: 20.83.174.48	Port Scan
🇹🇷 Threat.live	2026-06-02 20:55:06 (1 day ago)	Suspicious Connection Attempts	Brute-Force
🇷🇴 abuse_IP_reporter	2026-06-02 20:45:11 (1 day ago)	Jun 2 22:59:32 server UFW BLOCK SRC=20.83.174.48 DF PROTO=TCP SPT=47838	Port Scan
Anonymous	2026-06-02 20:16:54 (1 day ago)	Unauthorized connection	Port Scan Hacking
🇳🇱 tpjg	2026-06-02 20:06:53 (1 day ago)	Automated: 15 requests with error status in 120s window from 20.83.174.48. Evidence: /___proxy_subdo ... show more Automated: 15 requests with error status in 120s window from 20.83.174.48. Evidence: /___proxy_subdomain_whm/login/:404,/___proxy_subdomain_whm/login/:404,/dump.sql:301,/backup.sql:301,/.htpasswd:301,/app/config/parameters.yml:301,/config.php:301,/.DS_Store:301,/server-status:301,/phpinfo.php:301,/config/database.yml:301,/.env.production:301,/.env:301,/.git/config:301,/.git/HEAD:301 show less	Web App Attack
🇺🇸 RAP	2026-06-02 20:04:14 (1 day ago)	2026-06-02 20:04:14 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-06-02 20:03:13 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇳🇱 Mangelot Hosting	2026-06-02 19:32:26 (1 day ago)	(modsecurity) srv104 ModSecurity 20.83.174.48 (US/United States/-): 10 in the last 3600 secs; Ports: ... show more (modsecurity) srv104 ModSecurity 20.83.174.48 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2026-06-02 19:23:03 (1 day ago)	[02/Jun/2026:22:23:02 +0300] 178042818239.661300 20.83.174.48 48004 148.251.76.218 80 [02/Jun/2026:2 ... show more [02/Jun/2026:22:23:02 +0300] 178042818239.661300 20.83.174.48 48004 148.251.76.218 80 [02/Jun/2026:22:23:02 +0300] 178042818253.321421 20.83.174.48 48008 148.251.76.218 80 show less	Web App Attack
🇯🇵 demonsword	2026-05-09 14:39:31 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: example.com:443 show less	Open Proxy Port Scan
🇯🇵 stypr	2026-04-30 07:16:16 (1 month ago)	SSH Bruteforcing Attempt / Port Scanning	Brute-Force SSH
Anonymous	2026-04-30 07:15:31 (1 month ago)	2026-04-30T15:11:19.441645+08:00 kltw-debian sshd[415128]: Connection closed by authenticating user ... show more 2026-04-30T15:11:19.441645+08:00 kltw-debian sshd[415128]: Connection closed by authenticating user root 20.83.174.48 port 14016 [preauth] 2026-04-30T15:11:41.951922+08:00 kltw-debian sshd[415130]: Connection closed by authenticating user root 20.83.174.48 port 14016 [preauth] 2026-04-30T15:12:09.295913+08:00 kltw-debian sshd[415132]: Connection closed by authenticating user root 20.83.174.48 port 14017 [preauth] 2026-04-30T15:12:36.134712+08:00 kltw-debian sshd[415134]: Connection closed by authenticating user root 20.83.174.48 port 14017 [preauth] 2026-04-30T15:12:57.927373+08:00 kltw-debian sshd[415136]: Connection closed by authenticating user root 20.83.174.48 port 14017 [preauth] ... show less	Brute-Force SSH
🇯🇵 paradoxnetworks	2026-04-30 07:15:07 (1 month ago)	2026-04-30T07:14:38.638429+00:00 edge-tyo-con01.int.pdx.net.uk sshd[3888830]: Failed password for ro ... show more 2026-04-30T07:14:38.638429+00:00 edge-tyo-con01.int.pdx.net.uk sshd[3888830]: Failed password for root from 20.83.174.48 port 14016 ssh2 2026-04-30T07:15:04.889067+00:00 edge-tyo-con01.int.pdx.net.uk sshd[3896889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.83.174.48 user=root 2026-04-30T07:15:06.540962+00:00 edge-tyo-con01.int.pdx.net.uk sshd[3896889]: Failed password for root from 20.83.174.48 port 14016 ssh2 ... show less	Brute-Force SSH

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 120.48.26.113

🇺🇸 162.144.84.221

🇮🇹 151.0.154.194

🇨🇳 113.243.32.94

🇨🇳 106.13.122.214

🇫🇷 91.231.89.197

🇨🇦 85.217.149.70

🇳🇱 45.148.10.62

🇰🇷 14.32.106.73

🇺🇸 4.227.178.199

🇺🇸 3.208.171.167

🇩🇴 200.125.171.168

🇳🇱 192.142.24.39

🇨🇳 183.62.175.139

🇦🇫 180.94.74.122

🇧🇷 177.36.214.46

🇹🇭 147.50.227.79

🇺🇸 130.131.161.238

🇨🇳 120.87.99.202

🇨🇳 118.31.121.34