AbuseIPDB » 20.172.37.230
20.172.37.230
This IP was reported 25 times. Confidence of
Abuse
is 100% : ?
ISP
Microsoft Corporation
Usage Type
Data Center/Web Hosting/Transit
ASN
AS8075
Domain Name
microsoft.com
Country
πΊπΈ
United States of America
City
Phoenix, Arizona
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 20.172.37.230 :
This IP address has been reported a total of
25
times from
22 distinct
sources.
20.172.37.230 was first reported on
May 24th 2026 , and the most recent report was
14 hours ago
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
πΊπΈ
TPI-Abuse
2026-06-03 01:49:51
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:49:46.233817 2026] [security2:error] [pid 1893:tid 1893] [client 20.172.37.230:4934] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.206"] [uri "/.git/config"] [unique_id "ah-IOv676WVW7xrSROsrUgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πΎ
lns.bz
2026-06-03 00:57:22
(1 day ago)
Too many 404 requests [BY]
Web App Attack
π·πΈ
Scan
2026-06-03 00:20:02
(1 day ago)
MultiHost/MultiPort Probe, Scan, Hack -
Port Scan
Hacking
π©πͺ
KPS
2026-06-03 00:09:05
(1 day ago)
PortscanM
Port Scan
π¨π¦
lakered
2026-06-02 23:58:53
(1 day ago)
Detectors: [NGINX] | Reasons: Nginx Honeypot: Sensitive configuration file search | Automated scan t ...
show more
Detectors: [NGINX] | Reasons: Nginx Honeypot: Sensitive configuration file search | Automated scan targeting an unauthorized host or default server sinkhole | Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH) | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Bad Web Bot
Hacking
Web App Attack
2026-06-02 23:55:44
(1 day ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
πΉπ
Sawasdee
2026-06-02 23:44:02
(1 day ago)
Port Scan
...
Port Scan
πΊπΈ
TPI-Abuse
2026-06-02 23:34:52
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.172.37.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 19:34:45.450987 2026] [security2:error] [pid 8097:tid 8097] [client 20.172.37.230:5124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.241"] [uri "/.git/HEAD"] [unique_id "ah9olSsRYCk5BUbqvhD7QQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
MPL
2026-06-02 23:18:51
(1 day ago)
tcp port scan (8 or more attempts)
Port Scan
π©πͺ
2048
2026-05-24 13:50:26
(1 week ago)
2026-05-24T15:50:23.150836+02:00 machodeer kernel: [2338540.489878] [UFW BLOCK] IN=ens3 OUT= MAC=RED ...
show more
2026-05-24T15:50:23.150836+02:00 machodeer kernel: [2338540.489878] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.172.37.230 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=27752 DF PROTO=TCP SPT=29750 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-05-24T15:50:24.205653+02:00 machodeer kernel: [2338541.545095] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.172.37.230 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=27753 DF PROTO=TCP SPT=29750 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-05-24T15:50:25.229708+02:00 machodeer kernel: [2338542.569401] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=20.172.37.230 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=27754 DF PROTO=TCP SPT=29750 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
show less
Port Scan
Showing 16 to
25
of 25 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown π©
Recently Reported IPs: