JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.25.102.20

82.25.102.20 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	netutils.io
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.25.102.20

Whois 82.25.102.20

IP Abuse Reports for 82.25.102.20:

This IP address has been reported a total of 42 times from 28 distinct sources. 82.25.102.20 was first reported on June 6th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 2000cn.com.au	2026-06-07 18:30:12 (1 hour ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇫🇷 masterguru	2026-06-07 16:42:19 (3 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇬🇧 consul.to	2026-06-07 15:40:35 (4 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇿 Tripwire	2026-06-07 13:43:28 (6 hours ago)	Scanning for exploits - /core/.env	Web App Attack
🇳🇱 wlt-blocker	2026-06-07 13:19:47 (6 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇷 masterguru	2026-06-07 13:07:56 (6 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
Anonymous	2026-06-07 10:20:01 (9 hours ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 09:39:08 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:39:03.863955 2026] [security2:error] [pid 27596:tid 27596] [client 82.25.102.20:52580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jdubindustries.com"] [uri "/member/.env"] [unique_id "aiU8NwtGLuV_u5CBhYGXvAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-07 08:26:24 (11 hours ago)	82.25.102.20 - - [07/Jun/2026:11:26:24 +0300] "GET /dev/.env HTTP/1.1" 404 3279 "-" "Mozilla/5.0 (Ma ... show more 82.25.102.20 - - [07/Jun/2026:11:26:24 +0300] "GET /dev/.env HTTP/1.1" 404 3279 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 82.25.102.20 - - [07/Jun/2026:11:26:24 +0300] "GET /member/.env HTTP/1.1" 404 3279 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" ... show less	Web App Attack
🇳🇱 e.fierstra	2026-06-07 08:23:52 (11 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-07 07:44:33 (12 hours ago)	dot file probe	Web App Attack
🇺🇸 kosada.com	2026-06-07 07:02:49 (12 hours ago)	Web vulnerability probing: /laravel/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 07:02:22 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 03:02:18.264844 2026] [security2:error] [pid 17912:tid 17912] [client 82.25.102.20:32210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bradmackenzie.com"] [uri "/dev/.env"] [unique_id "aiUXenLlAg9TkNJpY4_SagAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-07 05:40:21 (14 hours ago)	env exposure on naturologie.com/dev/.env — WellSpr.ing/NetSentinel civic-AI security layer	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 04:24:02 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.102.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:23:59.278686 2026] [security2:error] [pid 18039:tid 18039] [client 82.25.102.20:61740] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "casalaaldehuela.com"] [uri "/app/.env"] [unique_id "aiTyX_PeksqrB4IDATixhQAAACI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.126

🇺🇸 174.35.25.178

🇺🇸 172.98.33.107

🇵🇭 120.28.137.87

🇻🇳 113.161.39.122

🇯🇵 111.238.174.6

🇳🇱 45.128.199.152

🇩🇪 43.165.6.182

🇺🇸 3.133.122.188

🇧🇷 200.142.182.166

🇬🇧 194.50.235.158

🇷🇺 176.109.97.11

🇨🇦 158.69.112.181

🇺🇸 103.101.201.67

🇧🇪 198.235.24.169

🇬🇧 195.206.182.218

🇺🇸 194.195.208.213

🇹🇷 194.116.236.22

🇩🇪 178.105.210.107

🇸🇬 139.99.38.177