AbuseIPDB » 20.37.122.236

20.37.122.236 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 46%: ?

46%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 20.37.122.236

Whois 20.37.122.236

IP Abuse Reports for 20.37.122.236:

This IP address has been reported a total of 21 times from 15 distinct sources. 20.37.122.236 was first reported on May 18th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
octageeks.com	2025-05-19 04:06:21 (4 weeks ago)	Wordpress malicious attack:[octascan]	Web App Attack
LRob.fr	2025-05-18 20:15:12 (4 weeks ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
TPI-Abuse	2025-05-18 18:25:18 (4 weeks ago)	(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 14:25:14.960813 2025] [security2:error] [pid 750878:tid 750878] [client 20.37.122.236:5887] [client 20.37.122.236] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|mail.jonathanwilsonphotography.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "mail.jonathanwilsonphotography.com"] [uri "/images/stories/admin-post.php"] [unique_id "aComCt--t-LJDUznrzd93QAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Rizzy	2025-05-18 17:46:53 (4 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
TPI-Abuse	2025-05-18 17:46:05 (4 weeks ago)	(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 13:45:59.398462 2025] [security2:error] [pid 636185:tid 636185] [client 20.37.122.236:4759] [client 20.37.122.236] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|nationalenq.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "nationalenq.com"] [uri "/images/stories/admin-post.php"] [unique_id "aCoc15LCby7lfQmSpSXbLgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Mediashaker	2025-05-18 17:45:06 (4 weeks ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.37.122.236 (JP/Japan/ ... show more(apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.37.122.236 (JP/Japan/-) show less	Port Scan
Site.eu	2025-05-18 17:44:52 (4 weeks ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2025-05-18 17:43:45 (4 weeks ago)	(mod_security) mod_security triggered on hostname [redacted] 20.37.122.236 (JP/Japan/-)	SQL Injection
findlab	2025-05-18 17:20:02 (4 weeks ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
Site.eu	2025-05-18 16:44:41 (4 weeks ago)	Excessive 404/403 errors	Brute-Force
TPI-Abuse	2025-05-18 16:32:54 (4 weeks ago)	(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240000) triggered by 20.37.122.236 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 12:32:46.908346 2025] [security2:error] [pid 2389396:tid 2389396] [client 20.37.122.236:4803] [client 20.37.122.236] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|www.openhouses.iainrealtor.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.openhouses.iainrealtor.com"] [uri "/images/stories/admin-post.php"] [unique_id "aCoLrjD1vpP7fgPnzuzHogAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
mnsf	2025-05-18 16:05:12 (4 weeks ago)	Too many Status 40X (11)	Brute-Force Web App Attack
4server	2025-05-18 15:57:04 (4 weeks ago)	[SunMay1817:56:59.9158722025][security2:error][pid3883515:tid3883547][client20.37.122.236:0][client2 ... show more[SunMay1817:56:59.9158722025][security2:error][pid3883515:tid3883547][client20.37.122.236:0][client20.37.122.236]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx/index\\\\\\\\.php\$\"against\"REQUEST_FILENAME\"required.[file\"/etc/apache2/conf.d/modsec_rules/51_asl_wordpress_extra.conf\"][line\"33\"][id\"333149\"][rev\"21\"][msg\"Atomicorp.comWAFRules:PossiblePHPwebshelldetectedandblocked\"][severity\"CRITICAL\"][hostname\"respiratrentino.it\"][uri\"/wp-content/uploads/classwithtostring.php\"][unique_id\"aCoDS-DDdynQZ_7-C8X4ygAAAEQ\"] show less	Port Scan Brute-Force Web App Attack
vaia.cloud	2025-05-18 15:53:01 (4 weeks ago)	trying wp-login.php/xmlrpc.php 30 times in 1 minutes	Brute-Force Web App Attack
CryptoYakari	2025-05-18 15:17:18 (4 weeks ago)	20.37.122.236 - - [18/May/2025:18:17:11 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more20.37.122.236 - - [18/May/2025:18:17:11 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.0" 404 1872 "-" "-" 20.37.122.236 - - [18/May/2025:18:17:15 +0300] "GET /wp-includes/Text/network.php HTTP/1.0" 404 1872 "-" "-" 20.37.122.236 - - [18/May/2025:18:17:15 +0300] "GET /wp-content/upgrade-temp-backup/wp-login.php HTTP/1.0" 404 1872 "-" "-" 20.37.122.236 - - [18/May/2025:18:17:16 +0300] "GET /js/fm.php HTTP/1.0" 404 1872 "-" "-" 20.37.122.236 - - [18/May/2025:18:17:17 +0300] "GET /wp-content/themes/astra/inc/ki1k.php HTTP/1.0" 404 1872 "-" "-" ... show less	Web Spam Blog Spam Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

211.110.140.145

86.57.226.85

109.248.151.19

134.209.213.146

110.53.126.241

146.0.226.155

117.236.181.132

14.103.105.36

51.158.120.121

47.106.187.235

193.46.255.40

80.94.95.112

216.174.85.68

202.140.131.30

172.68.205.131

64.23.160.51

172.212.200.195

80.112.141.230

157.240.251.63

34.93.118.109