This IP address has been reported a total of
36
times from
14 distinct
sources.
157.20.244.163 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
[Tue Aug 12 22:56:28.392180 2025] [security2:error] [pid 269126:tid 140066929223360] [client 157.20. ...
show more[Tue Aug 12 22:56:28.392180 2025] [security2:error] [pid 269126:tid 140066929223360] [client 157.20.244.163:38248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.*?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].*?[\\"'`]|(?:\\\\r?\\\\n)?\\\\z|[^\\"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[\\\\s\\\\x0b]*?\\\\([\\\\s\\\\x0b]*?space[\\\\s\\\\x0b]*?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/138.0.7204.179 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 14; CPH238
...
show less
[Wed Aug 06 22:52:16.956540 2025] [security2:error] [pid 667843:tid 139664416515776] [client 157.20. ...
show more[Wed Aug 06 22:52:16.956540 2025] [security2:error] [pid 667843:tid 139664416515776] [client 157.20.244.163:3350] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.*?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].*?[\\"'`]|(?:\\\\r?\\\\n)?\\\\z|[^\\"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[\\\\s\\\\x0b]*?\\\\([\\\\s\\\\x0b]*?space[\\\\s\\\\x0b]*?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/138.0.7204.168 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 14; CPH2387
...
show less
Triggered Cloudflare WAF (l7ddos) from ID.
ASN: 138089 (GMDP-AS-ID PT.Global Media Data Prima)
Proto ...
show moreTriggered Cloudflare WAF (l7ddos) from ID.
ASN: 138089 (GMDP-AS-ID PT.Global Media Data Prima)
Protocol: HTTP/2 (GET method)
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Malicious activity detected from 138089 GMDP-AS-ID PT.Global Media Data Prima towards host panel.sil ...
show moreMalicious activity detected from 138089 GMDP-AS-ID PT.Global Media Data Prima towards host panel.sillydev.co.uk (GET HTTP/2) @ 2025-07-13T01:39:10Z (1 occurrences)
show less
DDoS Attack
Exploited Host
Showing 1 to
15
of 36 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ