JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.161.60.18

20.161.60.18 was found in our database!

This IP was reported 83 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.161.60.18

Whois 20.161.60.18

IP Abuse Reports for 20.161.60.18:

This IP address has been reported a total of 83 times from 67 distinct sources. 20.161.60.18 was first reported on August 24th 2025, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 cwytech	2026-06-05 06:35:16 (11 hours ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/web-asn-lockdown-high.	Bad Web Bot Web App Attack
🇹🇼 tye	2026-06-05 05:17:03 (12 hours ago)	Wazuh Alert Evidence: [Fri Jun 05 13:17:01.751649 2026] [security2:error] [pid 3869726] [client 20.1 ... show more Wazuh Alert Evidence: [Fri Jun 05 13:17:01.751649 2026] [security2:error] [pid 3869726] [client 20.161.60.18:22240] [client 20.161.60.18] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.23.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "114.32.32.181"] [uri "/.git/config"] [unique_id "aiJbzbT-25ShjJsSXPleCgAAAAA"] show less	Web App Attack
🇯🇵 VXG-NET	2026-06-05 04:34:19 (13 hours ago)	port=80, indicator_type=info-leak	Hacking
🇷🇸 Scan	2026-06-05 02:42:56 (15 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 RAP	2026-06-03 08:18:43 (2 days ago)	2026-06-03 08:18:43 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇵🇱 pshost.pl	2026-06-03 08:08:26 (2 days ago)	2026-06-03T08:08:25.984Z, an unauthorized access attempt was detected on port 22 (SSH) from source I ... show more 2026-06-03T08:08:25.984Z, an unauthorized access attempt was detected on port 22 (SSH) from source IP address 20.161.60.18. show less	Port Scan Brute-Force SSH
🇩🇪 piticu iuli	2026-06-03 06:55:58 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted] 20.161.60.18 (US/United States/-)	SQL Injection
🇺🇸 CBJ	2026-06-03 06:30:19 (2 days ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇩🇪 NewGastroline	2026-06-03 06:28:36 (2 days ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-03 05:14:45 (2 days ago)	9 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇺🇸 sumnone	2026-06-03 01:35:06 (2 days ago)	Port probing on unauthorized port 8080	Port Scan Hacking Exploited Host
🇷🇸 Scan	2026-06-03 01:33:08 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 LotPhantom	2026-06-03 01:29:37 (2 days ago)	2026-06-03T01:29:35.882396+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-06-03T01:29:35.882396+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.161.60.18 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=34958 DF PROTO=TCP SPT=35975 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-03T01:29:35.885924+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=20.161.60.18 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57971 DF PROTO=TCP SPT=35975 DPT=2082 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇩🇪 femboy.cat	2026-06-03 01:11:42 (2 days ago)	Port scan to tcp/2083 from 20.161.60.18	Brute-Force

Showing 1 to 15 of 83 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 203.25.124.175

🇨🇳 202.105.98.252

🇷🇴 92.118.39.236

🇺🇸 20.163.14.19

🇨🇳 218.25.89.208

🇺🇸 206.189.218.232

🇨🇦 198.50.239.95

🇺🇬 196.0.107.246

🇰🇷 175.214.123.177

🇺🇸 172.203.149.63

🇺🇸 162.216.150.232

🇻🇳 118.70.182.193

🇮🇳 103.111.228.36

🇩🇪 85.192.31.14

🇺🇸 75.127.15.105

🇺🇸 66.254.114.41

🇺🇸 2607:f8b0:4004:c1f::122

🇩🇪 185.59.103.184

🇹🇭 184.22.138.106

🇧🇷 179.184.160.50