AbuseIPDB » 20.163.73.138

20.163.73.138 was found in our database!

This IP was reported 238 times. Confidence of Abuse is 0%: ?

0%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
Domain Name	microsoft.com
Country	United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 20.163.73.138

Whois 20.163.73.138

IP Abuse Reports for 20.163.73.138:

This IP address has been reported a total of 238 times from 58 distinct sources. 20.163.73.138 was first reported on August 5th 2022, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp	Comment	Categories
www.blocklist.de	2022-09-09 02:22:10 (1 year ago)	[2022-09-07T00:41:38+00:00] Detected: 20.163.73.138 C1: Web Attack: GET /wp-content/ [2022-09- ... show more[2022-09-07T00:41:38+00:00] Detected: 20.163.73.138 C1: Web Attack: GET /wp-content/ [2022-09-06T21:37:02+00:00] Detected: 20.163.73.138 PHI: Web Attack: GET /wp-content/ [2022-09-06T17:32:48+00:00] Detected: 20.163.73.138 m3: Web Attack: GET /wp-content/ ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=20.163.73.138 show less	Web Spam Blog Spam
Hirte	2022-09-09 02:01:45 (1 year ago)	C1: Web Attack GET /wp-content/	Web Spam Hacking Bad Web Bot Web App Attack
Anonymous	2022-09-08 10:48:30 (1 year ago)	[07/Sep/2022:06:42:36 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; ... show more[07/Sep/2022:06:42:36 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [07/Sep/2022:06:42:37 -0400] \"GET /wp-content/ HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [07/Sep/2022:12:18:57 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [07/Sep/2022:12:18:57 -0400] \"GET /wp-content/ HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [07/Sep/2022:13:22:32 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [07/Sep/2022:13:22:35 -0400] \"GET /wp-content/ HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" show less	Hacking
JCB	2022-09-08 03:01:46 (1 year ago)	20.163.73.138 - - [07/Sep/2022:22:40:33 +0300] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macint ... show more20.163.73.138 - - [07/Sep/2022:22:40:33 +0300] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 20.163.73.138 - - [07/Sep/2022:22:40:34 +0300] "GET /wp-content/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Hacking Brute-Force Web App Attack
VectaHosting	2022-09-07 20:01:48 (1 year ago)	20.163.73.138 - - [07/Sep/2022:17:07:29 +0200] "GET /.env HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Macint ... show more20.163.73.138 - - [07/Sep/2022:17:07:29 +0200] "GET /.env HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 20.163.73.138 - - [07/Sep/2022:17:07:30 +0200] "GET /wp-content/ HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" show less	Web App Attack
VectaHosting	2022-09-07 17:56:30 (1 year ago)	20.163.73.138 - - [07/Sep/2022:12:43:25 +0000] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macint ... show more20.163.73.138 - - [07/Sep/2022:12:43:25 +0000] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" "-" "108.61.***.**" sn="***.**" rt=0.000 ua="-" us="-" ut="-" ul="-" cs=- show less	Web App Attack
WebTejo	2022-09-07 15:54:15 (1 year ago)	[07/Sep/2022:20:54:13.345624 +0100] Yxj25Rrl8m37wQ2STy5fngAAAMg 20.163.73.138 58450 5.135.29.220 708 ... show more[07/Sep/2022:20:54:13.345624 +0100] Yxj25Rrl8m37wQ2STy5fngAAAMg 20.163.73.138 58450 5.135.29.220 7080 [07/Sep/2022:20:54:14.896160 +0100] Yxj25hrl8m37wQ2STy5fnwAAAM8 20.163.73.138 52614 5.135.29.223 7080 [07/Sep/2022:20:54:15.536518 +0100] Yxj25xrl8m37wQ2STy5foQAAAMM 20.163.73.138 59984 5.135.29.221 7080 ... show less	Brute-Force Web App Attack
nyclee.net	2022-09-07 15:52:58 (1 year ago)	WebServer Vunerability Probe ...	Hacking Web App Attack
Hirte	2022-09-07 13:53:19 (1 year ago)	PHI: Web Attack GET /wp-content/	Web Spam Hacking Bad Web Bot Web App Attack
ut-addicted.com	2022-09-07 12:14:25 (1 year ago)	\[Wed Sep 07 18:14:24.315239 2022\] \[:error\] \[pid 19173:tid 139915362809600\] \[client 20.163.73. ... show more\[Wed Sep 07 18:14:24.315239 2022\] \[:error\] \[pid 19173:tid 139915362809600\] \[client 20.163.73.138:59237\] \[client 20.163.73.138\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 8\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "78.46.187.162"\] \[uri "/.env"\] \[unique_id "YxjDYGlp9s5Ne9Or-1Yi7wAAAMU"\] show less	Brute-Force Web App Attack
Anonymous	2022-09-07 11:21:54 (1 year ago)	[06/Sep/2022:14:14:05 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; ... show more[06/Sep/2022:14:14:05 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [06/Sep/2022:14:14:07 -0400] \"GET /wp-content/ HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [06/Sep/2022:20:47:08 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" [06/Sep/2022:20:47:10 -0400] \"GET /wp-content/ HTTP/1.1\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0\" show less	Hacking
kolya	2022-09-07 10:29:21 (1 year ago)	[07/09/2022 14:29:21] Unauthorized connection attempt to port 80, server 90988ed6.	Port Scan
WebTejo	2022-09-07 09:59:08 (1 year ago)	[07/Sep/2022:14:59:03.200442 +0100] Yxijpxrl8m37wQ2STy5AJgAAAMg 20.163.73.138 59284 5.135.29.223 708 ... show more[07/Sep/2022:14:59:03.200442 +0100] Yxijpxrl8m37wQ2STy5AJgAAAMg 20.163.73.138 59284 5.135.29.223 7080 [07/Sep/2022:14:59:06.669260 +0100] Yxijqpg04Rl5R7S_EAEaFwAAAFY 20.163.73.138 40588 5.135.29.222 7080 [07/Sep/2022:14:59:07.738227 +0100] Yxijqxrl8m37wQ2STy5AKAAAAMc 20.163.73.138 57624 5.135.29.220 7080 ... show less	Brute-Force Web App Attack
ut-addicted.com	2022-09-07 09:10:59 (1 year ago)	\[Wed Sep 07 15:10:58.549426 2022\] \[:error\] \[pid 19173:tid 139915485591296\] \[client 20.163.73. ... show more\[Wed Sep 07 15:10:58.549426 2022\] \[:error\] \[pid 19173:tid 139915485591296\] \[client 20.163.73.138:61150\] \[client 20.163.73.138\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 8\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "78.46.187.162"\] \[uri "/.env"\] \[unique_id "YxiYYmlp9s5Ne9Or-1YhkwAAAMA"\] show less	Brute-Force Web App Attack
4server	2022-09-07 07:38:52 (1 year ago)	[WedSep0713:38:22.9850062022][:error][pid23611:tid47802950412032][client20.163.73.138:52116][client2 ... show more[WedSep0713:38:22.9850062022][:error][pid23611:tid47802950412032][client20.163.73.138:52116][client20.163.73.138]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"189\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"136.243.224.53\"][uri\"/.env\"][unique_id\"YxiCrkXTkb5H1yXgBTkOfQAAAA8\"][WedSep0713:38:48.2174842022][:error][pid23776:tid47802952513280][client20.163.73.138:51311][client20.163.73.138]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\| show less	Port Scan Brute-Force Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩