JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 80.225.239.126

80.225.239.126 was found in our database!

This IP was reported 74 times. Confidence of Abuse is 100%: ?

100%

ISP	Oracle Svenska AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracle.com
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 80.225.239.126

Whois 80.225.239.126

IP Abuse Reports for 80.225.239.126:

This IP address has been reported a total of 74 times from 41 distinct sources. 80.225.239.126 was first reported on May 15th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ITSNF	2026-06-19 18:00:04 (1 hour ago)	Blocked by os-abuseipdb; 9 hits, proto=tcp, ports=443	Port Scan Hacking
🇳🇴 Bots.go.to.hell	2026-06-19 09:36:14 (9 hours ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
🇳🇱 BlueWire Hosting	2026-06-19 08:49:38 (10 hours ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇩🇪 CK_beats	2026-06-19 06:40:01 (12 hours ago)	Blocked by os-abuseipdb on OPNsense firewall KN-FW01; 9 hits, proto=tcp, ports=443	Port Scan Hacking
🇨🇭 4server	2026-06-16 18:41:08 (3 days ago)	[TueJun1620:41:04.3060062026][security2:error][pid1316556:tid1316857][client80.225.239.126:0]ModSecu ... show more [TueJun1620:41:04.3060062026][security2:error][pid1316556:tid1316857][client80.225.239.126:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$3:\$\$:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"swisservers.com\"][uri\"/\"][unique_id\"ajGYwOJ0nNmknsUwM01aoQAAANU\"] show less	Hacking Web App Attack
🇩🇪 4server	2026-06-16 08:54:15 (3 days ago)	[TueJun1610:54:10.0293922026][security2:error][pid1299161:tid1299176][client80.225.239.126:0]ModSecu ... show more [TueJun1610:54:10.0293922026][security2:error][pid1299161:tid1299176][client80.225.239.126:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$curl\\|wget\\|python\\|nikto\\|sqlmap\\|acunetix\\|fimap\\|dirbuster\\|cmsmap$\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"217\"][id\"990210\"][msg\"Suspicioususer-agentblocked\"][hostname\"www.rebirthing-lugano.ch.136-243-54-122.cpanel.site\"][uri\"/\"][unique_id\"ajEPMkvGpXwpDVUVQrpRPAAAAAw\"] show less	Port Scan Brute-Force Web App Attack
🇳🇴 Bots.go.to.hell	2026-06-16 06:14:39 (3 days ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
Anonymous	2026-06-15 03:54:53 (4 days ago)	9 hits, proto=tcp, ports=443	Port Scan Hacking
🇩🇪 4server	2026-06-13 06:09:07 (6 days ago)	[SatJun1308:09:02.4567612026][security2:error][pid684910:tid685011][client80.225.239.126:0]ModSecuri ... show more [SatJun1308:09:02.4567612026][security2:error][pid684910:tid685011][client80.225.239.126:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$3:\$\$:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"orabonastudio.it\"][uri\"/\"][unique_id\"aizz_ioRJydkoY1wocsB2gAAAM4\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-06-13 04:46:36 (6 days ago)	[SatJun1306:46:34.2086642026][security2:error][pid3719080:tid3719191][client80.225.239.126:0]ModSecu ... show more [SatJun1306:46:34.2086642026][security2:error][pid3719080:tid3719191][client80.225.239.126:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$3:\$\$:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"ticino-hosting.ch\"][uri\"/\"][unique_id\"aizgqhh0dmvAFc6YYfq4GQAAANA\"] show less	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-11 20:08:02 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,ice02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-11 19:05:03 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 12:18:06 (1 week ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇩🇪 4server	2026-06-07 10:58:49 (1 week ago)	[SunJun0712:58:45.9665792026][security2:error][pid3703289:tid3703367][client80.225.239.126:0]ModSecu ... show more [SunJun0712:58:45.9665792026][security2:error][pid3703289:tid3703367][client80.225.239.126:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$3:\$\$:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"newbeauty-pully.ch\"][uri\"/\"][unique_id\"aiVO5VsiJHYFrjdz4PlCFAAAAFg\"] show less	Port Scan Brute-Force Web App Attack
🇨🇦 dispensight	2026-06-07 08:26:05 (1 week ago)	Login panel probe with dual-UA rotation: 4 HEAD+POST requests to kpi.dispensight.ca. Paths: /login. ... show more Login panel probe with dual-UA rotation: 4 HEAD+POST requests to kpi.dispensight.ca. Paths: /login. UA rotation (2 distinct): Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0; python-requests/2.33.1. Oracle Corporation (Mumbai, India). show less	Brute-Force Bad Web Bot

Showing 1 to 15 of 74 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.136

🇺🇸 165.154.235.9

🇦🇴 154.116.254.157

🇨🇳 103.236.94.150

🇮🇳 103.180.237.218

🇨🇳 218.202.143.68

🇰🇷 211.197.12.104

🇷🇺 178.178.222.60

🇳🇱 176.65.139.238

🇮🇩 103.122.34.142

🇭🇰 101.36.124.127

🇺🇸 67.215.253.103

🇺🇸 66.25.77.228

🇲🇾 49.124.151.84

🇺🇸 44.163.10.119

🇨🇳 14.103.127.75

🇺🇸 147.185.132.99

🇸🇬 128.199.182.55

🇮🇩 114.10.47.235

🇻🇳 103.167.89.222