JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.159.160

20.168.159.160 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.159.160

Whois 20.168.159.160

IP Abuse Reports for 20.168.159.160:

This IP address has been reported a total of 31 times from 23 distinct sources. 20.168.159.160 was first reported on March 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-10 22:45:00 (3 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 RAP	2026-06-10 09:06:27 (4 days ago)	2026-06-10 09:06:27 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇦🇹 Erpelstolz	2026-06-10 07:34:27 (4 days ago)	VM 131: 20.168.159.160 - - [10/Jun/2026:09:34:26 +0200] "GET /.git/HEAD HTTP/1.1" 404 609	Web App Attack
Anonymous	2026-06-10 05:59:03 (4 days ago)	B: f2b 404 5x	Web App Attack
🇩🇪 wiredalter	2026-06-10 05:49:52 (4 days ago)	Blocked by UFW on dVPS [8443/tcp] Source Port: 31516 TTL: 38 Packet Length: 60 TOS: 0x00 Analyzed b ... show more Blocked by UFW on dVPS [8443/tcp] Source Port: 31516 TTL: 38 Packet Length: 60 TOS: 0x00 Analyzed by https://ip.wiredalter.com show less	Port Scan Brute-Force
🇺🇸 technojoe99	2026-06-10 05:31:59 (4 days ago)	Exploit scan from 20.168.159.160. GET /.git/HEAD HTTP/1.1.	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 05:16:12 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 20.168.159.160 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.168.159.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 01:16:04.481244 2026] [security2:error] [pid 10235:tid 10235] [client 20.168.159.160:31457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.95"] [uri "/.git/HEAD"] [unique_id "aijzFL3x0mkLN28I39qTlQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-10 05:12:14 (4 days ago)	Multiple WAF Violations	Web App Attack
🇹🇭 Sawasdee	2026-06-10 05:09:06 (4 days ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-10 04:45:38 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 20.168.159.160 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.168.159.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 00:45:31.646909 2026] [security2:error] [pid 22242:tid 22242] [client 20.168.159.160:31298] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.223"] [uri "/.git/HEAD"] [unique_id "aijr62OqGI0pwxvSBz0GZwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇳🇱 Yachiyo Runami	2026-06-03 02:01:59 (1 week ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 45 \| ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 45 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-03T02:01:59Z show less	Port Scan Hacking
🇷🇸 Scan	2026-06-03 02:01:05 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 MPL	2026-06-03 01:53:07 (1 week ago)	tcp port scan (8 or more attempts)	Port Scan
🇵🇱 webadmin	2026-06-03 01:45:00 (1 week ago)		Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇪🇸 207.188.163.139

🇨🇱 179.60.64.229

🇵🇰 153.117.52.63

🇪🇸 149.86.233.213

🇺🇸 98.97.136.221

🇹🇷 88.243.192.146

🇵🇱 83.15.62.46

🇮🇳 65.2.167.32

🇺🇸 64.23.153.209

🇧🇷 58.68.201.85

🇸🇬 43.98.194.78

🇹🇷 24.133.193.91

🇮🇳 13.207.191.208

🇫🇮 193.151.191.238

🇮🇳 165.22.217.208

🇻🇳 157.66.26.151

🇨🇳 120.240.95.27

🇩🇪 92.119.182.166

🇸🇦 82.167.212.186