JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.66.24.162

157.66.24.162 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 70%: ?

70%

ISP	Tran Thi Data and Technology Company Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS149107
Domain Name	datatranthi.xyz
Country	🇻🇳 Viet Nam
City	Cau Dien, Hanoi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.66.24.162

Whois 157.66.24.162

IP Abuse Reports for 157.66.24.162:

This IP address has been reported a total of 26 times from 19 distinct sources. 157.66.24.162 was first reported on June 2nd 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 11:10:37 (2 weeks ago)	unsolicited connect TCP dport 8080 (sport 38895)	Hacking
🇬🇧 PeravixGroup	2026-06-03 10:39:47 (2 weeks ago)	Honeypot detection: Open proxy abuse / unauthorized tunneling on port 8080. Severity: LOW. Aaran.clo ... show more Honeypot detection: Open proxy abuse / unauthorized tunneling on port 8080. Severity: LOW. Aaran.cloud show less	Web Spam
🇨🇱 demonsword	2026-06-03 10:39:43 (2 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: google.com:443 show less	Open Proxy Port Scan
🇯🇵 S.O.B.A. Dev.	2026-06-03 10:35:13 (2 weeks ago)	Persistent port scanning or vulnerability scanning	Port Scan
🇺🇸 MPL	2026-06-03 10:06:09 (2 weeks ago)	tcp/8080 (2 or more attempts)	Port Scan
🇺🇸 RAP	2026-06-03 09:37:19 (2 weeks ago)	2026-06-03 09:37:19 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
Anonymous	2026-06-03 08:39:46 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-open-proxy	Web App Attack
🇨🇦 DRI	2026-06-03 08:29:17 (2 weeks ago)	Unsolicited TCP traffic on Honeypot, srcport=59262 dstport=80	Port Scan Hacking
🇵🇱 jekob	2026-06-03 08:25:11 (2 weeks ago)	Automated malicious activity detected (1 events)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:21:55 (2 weeks ago)	(mod_security) mod_security (id:217210) triggered by 157.66.24.162 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217210) triggered by 157.66.24.162 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:21:39.653662 2026] [security2:error] [pid 8239:tid 8239] [client 157.66.24.162:42784] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|google.com:443\|F\|4"] [data "CONNECT google.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "google.com"] [uri "/"] [unique_id "ah_kEyCdGqgXMKjuif_GtQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-03 08:20:21 (2 weeks ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-03 08:16:27 (2 weeks ago)	tcp/80 (5 or more attempts)	Port Scan
🇺🇸 NXTwoThou	2026-06-03 08:12:19 (2 weeks ago)	connect google.com:443	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:04:47 (2 weeks ago)	(mod_security) mod_security (id:217210) triggered by 157.66.24.162 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217210) triggered by 157.66.24.162 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:04:33.609384 2026] [security2:error] [pid 17310:tid 17310] [client 157.66.24.162:36570] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|google.com:443\|F\|4"] [data "CONNECT google.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "google.com"] [uri "/"] [unique_id "ah_gERESvQ56gPIO884pnwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-06-03 07:50:06 (2 weeks ago)	Suspicious Connection Attempts	Brute-Force

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇩 196.1.201.162

🇮🇷 5.209.246.131

🇳🇱 176.65.139.102

🇺🇸 135.237.115.13

🇻🇳 103.186.101.237

🇸🇬 47.74.213.140

🇨🇳 39.105.95.22

🇬🇧 35.203.211.12

🇧🇷 190.89.137.235

🇶🇦 34.153.64.147

🇺🇸 20.221.68.74

🇰🇷 210.114.22.126

🇨🇳 124.160.173.22

🇹🇿 102.214.44.117

🇵🇱 87.251.64.146

🇺🇦 78.30.247.251

🇺🇸 74.125.184.151

🇩🇪 69.5.169.246

🇻🇳 14.248.83.33

🇺🇸 162.216.150.136