AbuseIPDB » 13.66.139.54

Check an IP Address, Domain Name, or Subnet

e.g. 3.235.191.73, microsoft.com, or 5.188.10.0/24

13.66.139.54 was found in our database!

This IP was reported 79 times. Confidence of Abuse is 70%: ?

70%

ISP	Microsoft Corporation
Usage Type	Search Engine Spider
Hostname(s)	msnbot-13-66-139-54.search.msn.com
Domain Name	microsoft.com
Country	United States of America
City	Redmond, Washington

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 13.66.139.54

Whois 13.66.139.54

IP Abuse Reports for 13.66.139.54:

This IP address has been reported a total of 79 times from 18 distinct sources. 13.66.139.54 was first reported on November 22nd 2020, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	Date	Comment	Categories
HJ5Ss4Ju	20 Apr 2021	Forbidden directory scan :: 2021/04/20 23:19:50 [error] 46499#46499: 730372 access forbidden by rul ... show moreForbidden directory scan :: 2021/04/20 23:19:50 [error] 46499#46499: 730372 access forbidden by rule, client: 13.66.139.54, server: [censored_1], request: "GET /search/ПСИХОЛОГ online Конго Мавритания Консультация Психолога по Скайпу Русскоязычный психолог в Китае skype:amt777/feed/rss2/ HTTP/1.1", host: "www.[censored_1]" show less	Hacking
HJ5Ss4Ju	20 Apr 2021	Forbidden directory scan :: 2021/04/20 21:16:04 [error] 46499#46499: 727521 access forbidden by rul ... show moreForbidden directory scan :: 2021/04/20 21:16:04 [error] 46499#46499: 727521 access forbidden by rule, client: 13.66.139.54, server: [censored_1], request: "GET /search/ПСИХОЛОГ online Конго Мавритания Консультация Психолога по Скайпу Русскоязычный психолог в Китае skype:amt777/feed/rss2/ HTTP/1.1", host: "www.[censored_1]" show less	Hacking
seller_service	19 Apr 2021	abuseConfidenceScore blocked for 12h	Web App Attack
MageHost.pro	19 Apr 2021	15 attempts against mh-modsecurity-ban on drop	Brute-Force Web App Attack
conseilgouz	19 Apr 2021	dow-CG Resa : wrong country/spammer...	Hacking
ozisp.com.au	18 Apr 2021	US_Microsoft_<177>1618749367 [120:7:2] http_inspect: CHUNKED ENCODING - EXCESSIVE CONSECUTIVE SMALL ... show moreUS_Microsoft_<177>1618749367 [120:7:2] http_inspect: CHUNKED ENCODING - EXCESSIVE CONSECUTIVE SMALL CHUNKS [Classification: Unknown Traffic] [Priority: 3]: <seconione-ens192-1> {TCP} 203.176.121.146:80 show less	Hacking
seller_service	16 Apr 2021	abuseConfidenceScore blocked for 12h	Web App Attack
hermawan	14 Apr 2021	[Thu Apr 15 00:42:11.017801 2021] [:error] [pid 17987:tid 140060955502336] [client 13.66.139.54:2118 ... show more[Thu Apr 15 00:42:11.017801 2021] [:error] [pid 17987:tid 140060955502336] [client 13.66.139.54:21184] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "[email protected]"] ... show less	Hacking Web App Attack
hermawan	13 Apr 2021	[Wed Apr 14 00:17:39.165559 2021] [:error] [pid 21806:tid 139770495162112] [client 13.66.139.54:2137 ... show more[Wed Apr 14 00:17:39.165559 2021] [:error] [pid 21806:tid 139770495162112] [client 13.66.139.54:21376] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "YHXSM6O2VgAnwMvmjJFuOgAAALA"] ... show less	Hacking Web App Attack
hermawan	12 Apr 2021	[Mon Apr 12 23:56:37.099332 2021] [:error] [pid 4057:tid 140213152945920] [client 13.66.139.54:35392 ... show more[Mon Apr 12 23:56:37.099332 2021] [:error] [pid 4057:tid 140213152945920] [client 13.66.139.54:35392] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "[email protected]"] ... show less	Hacking Web App Attack
hermawan	11 Apr 2021	[Mon Apr 12 05:33:24.725808 2021] [:error] [pid 17649:tid 140072255952640] [client 13.66.139.54:1856 ... show more[Mon Apr 12 05:33:24.725808 2021] [:error] [pid 17649:tid 140072255952640] [client 13.66.139.54:18560] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "[email protected]"] ... show less	Hacking Web App Attack
hermawan	10 Apr 2021	[Sat Apr 10 21:18:41.147276 2021] [:error] [pid 7343:tid 140123235092224] [client 13.66.139.54:29184 ... show more[Sat Apr 10 21:18:41.147276 2021] [:error] [pid 7343:tid 140123235092224] [client 13.66.139.54:29184] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "YHGzwTrFy2EE7IycS9QSsgAAAGk"] ... show less	Hacking Web App Attack
hermawan	09 Apr 2021	[Fri Apr 09 12:08:20.464915 2021] [:error] [pid 4923:tid 140306582337280] [client 13.66.139.54:26880 ... show more[Fri Apr 09 12:08:20.464915 2021] [:error] [pid 4923:tid 140306582337280] [client 13.66.139.54:26880] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "[email protected]"] ... show less	Hacking Web App Attack
hermawan	08 Apr 2021	[Fri Apr 09 02:23:16.415713 2021] [:error] [pid 9328:tid 140507422381824] [client 13.66.139.54:26624 ... show more[Fri Apr 09 02:23:16.415713 2021] [:error] [pid 9328:tid 140507422381824] [client 13.66.139.54:26624] [client 13.66.139.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "YG9YJE48ZHUM-2FjGIYSKAAAAPk"] ... show less	Hacking Web App Attack
MageHost.pro	08 Apr 2021	15 attempts against mh-modsecurity-ban on drop	Brute-Force Web App Attack