This IP address has been reported a total of
28
times from
20 distinct
sources.
160.20.225.166 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
[Sun May 24 13:07:44.738547 2026] [security2:error] [pid 258888:tid 140343541413568] [client 160.20. ...
show more[Sun May 24 13:07:44.738547 2026] [security2:error] [pid 258888:tid 140343541413568] [client 160.20.225.166:39783] ModSecurity: Access denied with code 403 (phase 1). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "857"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: GET found within REQUEST_HEADERS: 1 request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-klimat-story HTTP/2.0 Request URI RAW = /index.php/informasi-iklim/infografis-iklim/infografis-klimat-story Request Basename = infografis-klimat-story"] [severity "CRITICAL"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEM
...
show less
Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ...
show moreHoneypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud
show less
(mod_security) mod_security (id:900210) triggered by 160.20.225.166 (BO/Bolivia/166.in-addr.arpa): 2 ...
show more(mod_security) mod_security (id:900210) triggered by 160.20.225.166 (BO/Bolivia/166.in-addr.arpa): 2 in the last 900 secs
show less
(mod_security) mod_security (id:217210) triggered by 160.20.225.166 (166.in-addr.arpa): 1 in the las ...
show more(mod_security) mod_security (id:217210) triggered by 160.20.225.166 (166.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 19:51:05.314807 2026] [security2:error] [pid 11599:tid 11599] [client 160.20.225.166:58364] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||okxxx.casa|F|4"] [data "GET http://okxxx.casa HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "okxxx.casa"] [uri "/"] [unique_id "af_IaeotK1sQ5cA_lCcPRwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show moreDistributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-skip.asp
show less
Bad web bot: Spoofed/obsolete UA (Mozilla/5.0 (Windows NT 5.0; ht-HT; rv:1.9.2.20) Gecko/9076-06-04 ...
show moreBad web bot: Spoofed/obsolete UA (Mozilla/5.0 (Windows NT 5.0; ht-HT; rv:1.9.2.20) Gecko/9076-06-04 03:18:25.365997 Firefox/3.8). Mass-scanning WordPress plugin. Coordinated large-scale bot attack.
show less
Fail2Ban: 160.20.225.166 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5 ...
show moreFail2Ban: 160.20.225.166 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
show less