JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 132.196.80.149

132.196.80.149 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 79%: ?

79%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 132.196.80.149

Whois 132.196.80.149

IP Abuse Reports for 132.196.80.149:

This IP address has been reported a total of 27 times from 25 distinct sources. 132.196.80.149 was first reported on April 13th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 larse99	2026-06-08 20:59:35 (1 week ago)	Detected Scanning / Hacking activity	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇫🇷 geot	2026-06-03 10:50:35 (2 weeks ago)	GET /.env.local HTTP/1.1 GET /phpinfo.php HTTP/1.1 GET /.git/HEAD HTTP/1.1 GET /backup.sql HTTP/1.1 ... show more GET /.env.local HTTP/1.1 GET /phpinfo.php HTTP/1.1 GET /.git/HEAD HTTP/1.1 GET /backup.sql HTTP/1.1 GET /.aws/credentials HTTP/1.1 GET /wp-config.php HTTP/1.1 GET /.htpasswd HTTP/1.1 GET /actuator/env HTTP/1.1 GET /.env.backup HTTP/1.1 show less	Hacking Bad Web Bot Web App Attack
🇧🇷 SOC-BR	2026-06-03 07:23:47 (2 weeks ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 2 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 22:41:22 - Source Port 45812 show less	Port Scan Hacking
Anonymous	2026-06-03 06:12:26 (2 weeks ago)	git/env leak probe	Web App Attack
🇩🇪 defkev	2026-06-03 05:48:24 (2 weeks ago)	Web Application Attack, Information Leak	Hacking
🇬🇧 PeravixGroup	2026-06-03 05:46:31 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 helios.live	2026-06-03 05:40:33 (2 weeks ago)	2026/06/03 05:40:29 [error] 2955111#2955111: 1704726 access forbidden by rule, client: 132.196.80.1 ... show more 2026/06/03 05:40:29 [error] 2955111#2955111: 1704726 access forbidden by rule, client: 132.196.80.149, server: 163.123.204.218, request: "GET /.git/config HTTP/1.1", host: "163.123.204.218" 2026/06/03 05:40:30 [error] 2955111#2955111: 1704727 access forbidden by rule, client: 132.196.80.149, server: 163.123.204.218, request: "GET /.env HTTP/1.1", host: "163.123.204.218" 2026/06/03 05:40:31 [error] 2955111#2955111: 1704730 access forbidden by rule, client: 132.196.80.149, server: 163.123.204.218, request: "GET /.env.local HTTP/1.1", host: "163.123.204.218" 2026/06/03 05:40:32 [error] 2955111#2955111: 1704732 access forbidden by rule, client: 132.196.80.149, server: 163.123.204.218, request: "GET /.env.production HTTP/1.1", host: "163.123.204.218" 2026/06/03 05:40:33 [error] 2955111#2955111: 1704733 access forbidden by rule, client: 132.196.80.149, server: 163.123.204.218, request: "GET /.env.backup HTTP/1.1", host: "163.123.204.218" ... show less	Web App Attack
🇹🇷 SeczarSecureOps	2026-06-03 05:11:27 (2 weeks ago)	Seczar SecureOps — Port Scan Detection (8 events) — quarantined 43200m on fgdcapi	Port Scan
🇺🇸 MPL	2026-06-03 04:52:25 (2 weeks ago)	tcp port scan (7 or more attempts)	Port Scan
🇺🇸 Mainpine	2026-06-03 04:48:08 (2 weeks ago)	probing for vulnerable web apps	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 04:44:12 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 132.196.80.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 132.196.80.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:44:06.131881 2026] [security2:error] [pid 15364:tid 15364] [client 132.196.80.149:46878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.21"] [uri "/.env"] [unique_id "ah-xFjajrwsIjyG4Q1MvxwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2026-06-03 04:38:29 (2 weeks ago)	(mod_security) mod_security (id:920350) triggered by 132.196.80.149 (US/United States/-): 5 in the l ... show more (mod_security) mod_security (id:920350) triggered by 132.196.80.149 (US/United States/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇧🇷 SOC PR	2026-06-03 04:36:57 (2 weeks ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇫🇷 Dechavanne	2026-06-03 04:00:11 (2 weeks ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 103.184.238.99

🇯🇲 67.230.43.159

🇺🇸 40.77.167.78

🇨🇴 200.10.29.236

🇸🇬 193.37.32.59

🇦🇹 159.100.25.174

🇯🇵 118.193.61.170

🇺🇸 107.173.119.32

🇺🇸 91.230.168.139

🇨🇴 69.6.234.27

🇺🇸 43.162.112.238

🇧🇷 200.155.66.2

🇸🇬 193.37.32.87

🇺🇸 158.173.22.63

🇳🇱 158.173.20.57

🇺🇸 117.55.229.156

🇺🇸 107.170.40.174

🇦🇱 103.124.165.174

🇮🇳 103.84.236.242

🇳🇬 102.88.137.80