JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.131.237.137

130.131.237.137 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 85%: ?

85%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.131.237.137

Whois 130.131.237.137

IP Abuse Reports for 130.131.237.137:

This IP address has been reported a total of 22 times from 16 distinct sources. 130.131.237.137 was first reported on April 27th 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (14 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 ReportingBaddies	2026-06-03 11:53:52 (1 day ago)	Automated credential scanning (.env, AWS/config files). Botnet with spoofed user agents.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:40:48 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:40:41.130532 2026] [security2:error] [pid 19678:tid 19678] [client 130.131.237.137:5837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.137"] [uri "/.git/HEAD"] [unique_id "ah--WelQymY2sKsmtPnXiQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 SSP	2026-06-03 05:20:01 (1 day ago)	Automatic report from iptables firewall - detected malicious activity	DDoS Attack Brute-Force SSH Web App Attack Port Scan Hacking
🇧🇷 SOC PR	2026-06-03 04:38:17 (1 day ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇬🇧 PeravixGroup	2026-06-03 03:57:21 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇬🇧 gurnip	2026-06-03 03:24:12 (1 day ago)	Vulnerability probe of page /.env, not found on server.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:23:41 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:23:32.961117 2026] [security2:error] [pid 29909:tid 29909] [client 130.131.237.137:4280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.207"] [uri "/.env"] [unique_id "ah-eNPLPfvoQq6XhuTs9ZgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 conrad10781	2026-06-03 03:16:19 (1 day ago)	nginx-direct-ip	Port Scan
🇷🇸 Scan	2026-06-03 02:25:17 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 02:10:46 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:10:41.951513 2026] [security2:error] [pid 5653:tid 5653] [client 130.131.237.137:4211] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.104"] [uri "/.git/HEAD"] [unique_id "ah-NIYsaH0_oN-Px1VJAjQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-06-03 01:55:06 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-03 01:54:36.196 \|	Web App Attack
Anonymous	2026-06-03 01:21:54 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-03 01:04:58 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 130.131.237.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:04:53.769385 2026] [security2:error] [pid 14270:tid 14270] [client 130.131.237.137:5687] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.73"] [uri "/.git/HEAD"] [unique_id "ah99tTS7gxQMnoMyaV2m1gAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 zupan	2026-06-03 01:00:46 (1 day ago)	Blocked by UFW on vps [2083/tcp] \| SPT: 4681 \| TTL: 41 \| LEN: 60 \| TOS: 0x00 • Reported by: github.c ... show more Blocked by UFW on vps [2083/tcp] \| SPT: 4681 \| TTL: 41 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.111.22.75

🇲🇽 187.230.115.212

🇮🇳 182.60.68.148

🇺🇸 104.248.53.91

🇺🇬 102.218.89.110

🇩🇪 69.5.169.246

🇺🇸 64.62.156.215

🇺🇸 45.132.115.119

🇬🇧 35.203.211.61

🇺🇸 34.70.193.8

🇺🇸 2620:171:e1:f0::251

🇲🇽 187.184.242.92

🇳🇱 176.65.139.126

🇳🇱 176.65.139.66

🇩🇪 167.94.146.72

🇨🇮 154.0.30.137

🇫🇮 147.185.133.252

🇳🇱 80.82.77.202

🇬🇧 35.203.210.156

🇦🇺 34.129.228.8